BIO-key MobileAuth

BIO-key International has introduced its new mobile app, BIO-key MobileAuth™ with PalmPositive™ the latest among over sixteen strong authentication factors available for BIO-key's PortalGuard® Identity-as-a-Service (IDaaS) platform. MobileAuth’s fast, touchless biometric user authentication – using a palm scan – works with any Android or iOS device to provide the unprecedented combination of a simple, privacy-protected, and convenient user experience with the identity integrity and availability that enterprises require.

While multi-factor authentication (MFA) is an essential part of any IAM strategy, organizations such as NIST and the FBI have warned that traditional MFA methods such as passwords and phone-based methods, including one-time password (OTP) generators and SMS codes, remain vulnerable to social engineering and cyberattacks. Moreover, relying parties, lose control over who is accessing their systems, since the end-user can share a credential or enroll additional users into their phones, without the relying party’s consent. In addition, hardware tokens with their lifecycle costs, lost token churn and difficult user experiences present other challenges.

According to the 2020 Verizon Data Breach Investigations Report, 81% of hacking-related breaches leverage stolen or weak passwords. This, along with other well-documented password challenges, has driven the adoption of passwordless workflows using phone apps secured with user-controlled device-based biometrics or other device-unlock factors.  While more secure than passwords, reports of account sharing, unauthorized delegation, and SIM swapping demonstrate that this type of biometrics lacks the integrity and availability required to support enterprise-level security.

BIO-key MobileAuth with PalmPositive offers a different way to authenticate, eliminating the inconvenience, security risks, and costs of traditional authentication methods by introducing the new category of Identity-Bound Biometrics (IBB), which are well-suited for everyday use cases including remote workforces, third-party access, Customer IAM (CIAM), and passwordless workflows.

Starting with PalmPositive as the first Identity-Bound Biometrics authentication method, future methods including voice and facial recognition will be added to BIO-key MobileAuth in 2021 to continue to offer the highest levels of:

• Integrity: by permanently binding a biometric (palm scan) to the user’s digital identity to ensure only they can use their account privileges, not a proxy.
• Availability: because the user is free to authenticate themselves across multiple devices, even if a new device is introduced.
• Security: because biometrics cannot be forgotten, phished, stolen, or forged. Built-in liveness detection prevents imposters from using scanned pictures or fakes.
• Accuracy: a palm scan is up to 400x more accurate than common user-controlled device-based biometric authentication methods.