In an interesting twist on two-factor authentication (2FA), one startup is using biometrics on mobile device to authenticate users remotely.
As per reports, BindID from identity and access management startup Transmit Security will enable users to authenticate themselves without passwords by using the biometrics information stored on their phones.
“BindID is the industry’s first app-less, strong, portable authenticator that uses device-based biometrics for secure, convenient, and consistent customer authentication,” Transmit Security co-founder and CEO Mickey Boodaei told VentureBeat.
Biometric authentication
BindID is built on top of open standards and protocols such as the OpenID Connect and OAuth 2.0. Boodaei claims this also makes it easier for companies to deploy the cloud-based service.
A BindID-enabled login experience will ask users to authenticate by scanning a QR code from their mobile devices. BindID will then invoke the device’s preconfigured biometrics allowing the users access without having to grapple with complex passwords.
Users will have to first share their login credentials and biometrics with the BindID instance running at the remote service provider, which will be used to establish their identity on subsequent logins.
Besides mobile phones, Boodaei says BindID works with other biometric-enabled devices, such as laptops and tablets as well. It is argued that the cloud-based BindID will help companies roll-out biometrics-based security without the associated costs of such a setup. He added that the system is in trial at “some of the largest Fortune 100 companies” without going into further details.
While BindID does sound convenient for users, switching to a device-centric authentication makes identity protection even more challenging.
Via: VentureBeat