Jan 17, 2024
MIT Cryptographers Build Patented Biometric Public Key System; Integration with Okta Extends Protection to Auth0 and Okta Users
SAN FRANCISCO, JANUARY 17, 2024 - Badge Inc., the award-winning privacy company enabling Identity without Secrets™, today announced public availability of its patented authentication technology that renders PII and biometric credential storage obsolete, eliminating passwords, device redirects, and knowledge-based authentication (KBA) with “enroll once and authenticate on any device” ease. Among the first partners to collaborate with Badge is Okta. Badge is now available on the Okta Marketplace, and the two companies today announced integration with the popular Auth0 Marketplace, extending Badge’s technology to Okta and Auth0 customers and highlighting the versatility and broader applicability of Badge’s solutions within the Okta ecosystem.
“Badge cracked the code on the leading cause of data breaches: stored credentials”
- Ray Rothrock, cybersecurity expert
Ray Rothrock, Badge advisor, venture capitalist, former CEO of Red Seal, and cyber expert, commented, “The problem of storing credentials has vexed the security community for decades. In a sea of solutions that claim to secure users, Badge emerges in a blue ocean as the most comprehensive, forward-thinking identity credentials solution available today. With Badge, the pervasive concern of PII being in the open and unprotected is over. The extraordinary MIT minds at Badge cracked the code on the leading cause of data breaches – stored credentials. Badge enables identity without secrets. By giving users a privacy-preserving way to authenticate, Badge gives control back to users instead of storing credentials in vulnerable centralized systems prone to data breaches.”
Each day over 100 billion authentications rely on stored credentials, and the systems used to house these “crown jewels” have become the target of nearly half (49%) of all breaches. Despite this known vulnerability, enterprises have been forced to store high-risk information within arm’s reach of hackers. Previous attempts to solve the problem by streamlining the user authentication experience using on-device authenticators have had the unfortunate side effect of locking a user to a specific device. When that device is inevitably lost, stolen, out of battery, or just not immediately available to the user, authentication falls back to high-friction and insecure account recovery methods. The possibility of losing access to data because of a lost or broken device discourages consumers from adopting secure MFA and passwordless technologies.
“Badge offers the benefits of asymmetric public key cryptography without the burdens of key management, and also without the risk of a central repository of key material. With Badge, a consumer can create keys for identity and authentication on one device and use them on others, by deriving keys on the fly,” said Jeremy Grant, former Senior Executive Advisor at the National Institute of Standards and Technology (NIST). “As someone whose heart loves the idea of decentralized identity but whose head says, ‘decentralized identity technology isn’t ready for prime time,’ Badge offers a promising way to address core security and usability challenges and get to the next frontier.”
Device-less and Token-less Authentication
Badge’s purpose-built authentication system changes the MFA paradigm, no longer requiring the storage of credentials such as biometrics, passwords, private keys, and other user “secrets.” With Badge, there are no stored secrets anywhere. The user does not need to register on a new device before authenticating on it. Users simply enroll once, then seamlessly authenticate across any device using authentication factors that are unique and inherent to them, including biometric factors such as fingerprint or face. These biometric factors can be combined with other factors such as passive attributes, attestation signals, PINs, etc., to create a strong and convenient MFA method that does not rely on a specific device or token to authenticate users. With Badge’s technology, users can move freely across devices and platforms without losing access to their accounts or compromising security.
“When we founded Badge, our mission was to solve one of the hardest problems in authentication by moving the trust-anchor for digital identities to the human instead of relying on a hardware device that can be lost or stolen,” said Tina P. Srivastava, Co-founder of Badge and MIT aerospace Ph.D. “After losing my own identity in a breach, we went back to the fundamentals. We relied on math to solve the problem and used cryptography to build a user-centric solution that makes people their own roots of trust, rather than their device or token. With Badge, you are your token.”
Badge’s level of sophisticated identity portability across devices solves fundamental key management challenges, making account recovery and password resets a thing of the past. This novel approach delivers freedom without compromise, giving users the power to wield control over their digital identity by authenticating users on-demand for every application, on any device, without storing any secrets. Badge’s service is cryptographically zero-knowledge and quantum resistant.
“Badge has a compelling technology to address both consumer and enterprise use cases,” continued Grant. For enterprise security teams, Badge provides a cost-effective authentication solution that simplifies credential and identity management, boosts overall productivity and performance, and mitigates downstream costs caused by ransomware attacks or legal consequences from the breach of personally identifiable information (PII) or biometrics.
Badge is available now as licensed on-prem software or on an annual subscription basis (SaaS). For partners, Badge provides zero-code integration using standard protocols, including OAuth 2.0, OIDC, SAML, FIDO, TLS, Kerberos, and others. Please contact email@example.com for more information or to schedule a demo.
Badge enables privacy-preserving authentication to every application, on any device, without storing user secrets or PII. Badge’s patented technology allows users to derive private keys on the fly using their biometrics and factors of choice without the need for hardware tokens or secrets. Badge was founded by field-tested cryptography PhDs from MIT and is venture-backed by tier 1 investors. Customers and partners include top Fortune companies across healthcare, banking, retail, and services. Learn more at www.badgeinc.com.