AffirmID Authenticator

A Security First Authenticator App
Ransomware, cyber and crypto attackers leverage endpoint access.
Over 90% of successful attacks exploit weak endpoint security.
2FA Authenticator use “may” reduce that risk.
The authenticators of AffirmID eliminate it.

Authentication as it should be!

Use “AffirmID” to affirm that those accessing your networks, systems, and accounts are who they claim to be, and its “Authenticator” to attest to use of the phone and app. “AffirmID Authenticator” is the only solution providing both “affirmation of identity” and “confirmation of authenticator possession and use” as part of the authentication experience.

“AffirmID Authenticator” is an innovative approach to authenticators and authentication from a visionary with extensive experience in the cyber security field. It’s a cell phone app with the unique ability to recognize the person in possession of the phone. Its 2FA authenticator meets today’s 2-step authentication needs while supplying the option of a smooth transition to a more secure future using any of 3 different cryptographic alternatives (WebAuthn, FIDO2 or Push).

Ransomware, Cyber, and Crypto Attack Challenges

The challenge posed by ransomware, cyber, or crypto attack is not mitigation, recovery, or ransom payment; it’s avoidance. Avoidance begins with denying all unauthorized persons access to systems, services, and accounts. Achieving that requires identity recognition and affirmation as part of robust trusted user account registration and authentication. “AffirmID Authenticator” is unique in meeting these demands.

The need for affirmation of identity occurs first during remote user account registration and, following that, for each remote authentication session. A “user to authenticator device” association is necessary to facilitate affirmation of identity. Association could be met by assignment of a unique authenticator device or app to each trusted party. A more cost-effective approach would be certificate assignment to each user, perhaps at the Department, Division, Group, or even individual level. AffirmID accepts client-provided certificate assignments to any of its 3 cryptographic authenticators. The result is recognition of who the user is from the certificate used by the authenticator, and affirmation of user identity and possession at the time of registration or authentication.

Endpoints are the Gateway for Ransomware and Cyber Attacks

Endpoints are the only means to access enterprise networks. The best known is remote user login to a webpage or service. Other forms include Virtual Private Network (VPN), Remote Desktop connection (RDP), File Transfer Protocol (FTP or SFTP), Shell access (SH or SSH), and Application Program Interface (API). Securing all endpoints is imperative to avoiding ransomware and cyber attacks. AffirmID Authenticator is the most secure authenticator available today for protecting your networks against external endpoint threats.

Including an authenticator in authentication to better identify the person is easy to do but hard to achieve. The 2-step (2FA) authenticator adds something one has to something they know, and more recent arrivals add affirmation of human presence, some of them cryptographically. None address the hard part of identifying the person being authenticated. “AffirmID Authenticator” is different. Its state-of-the-art authenticators are only available to the original user whose behavioral traits are recognized and confirmed, the very definition of affirmed identity.

Impact of Behavioral Biometrics on Authentication

What you do with your phone, how you do it, when and where you do it are some of your unique behavioral traits, traits that are unmatched by anyone else. The biometrics of these traits are collected locally in real-time by AffirmID to recognize and prove your identity with an accuracy exceeding 92%.

AffirmID captures the biometrics of your behavioral traits while you use the phone and, from these behavioral biometrics, recognizes when you have possession of the phone. More importantly, it recognizes when someone other than you has possession and blocks them from accessing the authenticators. Being unable to access the authenticators, they have no access to endpoints requiring authenticator use. Trusted party use of “AffirmID Authenticator” for every endpoint authentication ensures enterprise immunity from ransomware or cyber attack.

Authenticators and the Authentication Process

Remote authentication invariably involves an authenticator. The person being authenticated uses it to attest to their having possession and control of the authenticator. “AffirmID Authenticator” has 4 authenticators meeting this NIST guideline. Moving beyond this guideline, AffirmID also requires original user possession as a prerequisite of authenticator use, thereby adding the all-important “affirmation of identity” to every authentication that employs an AffirmID authenticator.

AffirmID’s 2FA 2-step authenticator produces time-based or event-based One-Time-Passcodes compliant with RFC 6238 and RFC 4226. 2FA is popular but a growing security risk. Its inclusion in AffirmID addresses the core risk of not confirming user identity and also provides a bridge from 2FA to more modern-day and more secure authenticators. These include WebAuthn compliant with W3C approved standards, FIDO2 compliant with FIDO Alliance standards, and a unique Push authenticator leveraging WebAuthn. These modern-day solutions employ public key cryptography where the private key is securely stored on the user’s phone. In today’s challenging cyber security environment, no other authenticator provides the user with 4 built-in industry standard methods of authentication. Only AffirmID future-proofs authentication without needing to add either USB or other software methods of accessibility.

Securing Authenticator and User Data

Authenticators by their very nature store considerable critical sensitive data on the device. Generally, it includes data such as account information, personal identity data, application data, certificates, secrets, encryption keys, security tokens and more. Left unsecured, this data can be harvested and used to hijack authenticator accounts. AffirmID avoids this possibility by encrypting data when at rest. Also, AffirmID only exports data when authorized by the user and then only by use of the best public key encryption.

As a security-first app, AffirmID goes to great lengths to secure this data. Indeed, with the exception of logs, if any, AffirmID encrypts every data item produced by or supplied to it. One-time-pad symmetrical cryptography is used with keys stored in the phone’s hardware security element. User-authorized exported data are encrypted using 2048-bit public key cryptography prior to export over secure networks. Imported data, if any, are also public key encrypted. Public and private keys are stored in the phone’s secure elements.