ForgeRock, a provider of identity management solutions, announced the latest edition of the ForgeRock Identity Platform, with new capabilities that will enable organizations to put in place secure, frictionless user experiences using push notifications. The ForgeRock Identity Platform supports passwordless login and frictionless second-factor authentication capabilities for continuous security.
Where other identity management products offer passwordless login at the start of a session, the ForgeRock Identity Platform invokes passwordless second-factor authentication at any time during a session should an anomaly occur. For example, if a laptop switches from a secure company Wi-Fi network to an unsecured network in a coffee shop, re-authentication would be invoked: to maintain access to an online service, the user must respond to a push notification sent to their phone – through a biometric TouchID, a swipe or other action.
This kind of continuous security without passwords is going to become increasingly important for a frictionless customer experience in any number of business cases – from securing the smart car and smart home applications, to health care devices, wearables, mobile banking and industrial IoT situations where ease of use and the highest level of access security are essential.
With billions of Internet of Things (IoT) devices and services coming online – Gartner forecasts that 20.8 billion connected things will be in use worldwide by 2020 – the conventional login-and-password approach to authenticating users and authorizing access to data and services will no longer be workable. Also, Forrester expects that, with computing power increasing dramatically, even passwords 14 to 20 characters long will be readily crackable and largely ineffective for protecting high-value, high-risk assets and transactions by 2019.
Passwordless authentication not only improves the user experience, but can also increase the level of security organizations can provide to their customers while reducing cost and administrative workload.
In a typical ForgeRock implementation, the first authentication step happens via the Internet. The second method is ideally completed over a separate network — out of band — which is what happens with push notifications that travel over the Apple or Google dedicated notification networks. These steps make it more difficult for potential cybercriminals, who would need to hack into both an individual’s laptop and mobile device to gain access to user data.
Additionally, using push notifications provided through an authenticated mobile app is often dramatically less expensive than conventional token-based approaches, which are notorious for hidden costs associated with deploying hardware and software, token licenses, maintenance and help desk costs.