Authentication as it should be!
“AffirmID Authenticator” is an innovative approach to authenticators and authentication from a visionary with extensive experience in the cyber security field. It is a cell phone app with the unique ability to recognize the person in possession of the phone. Its 2FA authenticator meets today’s 2-step authentication needs while offering a smooth transition to a more secure future through any of 3 different cryptographic alternatives (WebAuthn, FIDO2 or Push).
Ransomware, Cyber, and Crypto Attack Challenges
The need for affirmation of identity arises first during remote user account registration and then again for each remote authentication session. A “user to authenticator device” association is necessary to facilitate affirmation of identity. That association could be met by assigning a unique authenticator device or app to each trusted party. A more cost-effective approach would be to assign a certificate to each user, perhaps at the Department, Division, Group, or even individual level. AffirmID accepts client-provided certificate assignments for any of its 3 cryptographic authenticators. The result is recognition of who the user is from the certificate used by the authenticator, and affirmation of user identity and possession at the time of registration or authentication.
Endpoints are the Gateway for Ransomware and Cyber Attacks
Including an authenticator in authentication to better identify the person is easy to do but hard to achieve. The 2-step (2FA) authenticator adds something one has to something one knows. More recent arrivals add affirmation of human presence, and some do so cryptographically. None address the hard part: identifying the person being authenticated. “AffirmID Authenticator” is different. Its state-of-the-art authenticators are only available to the original user whose behavioral traits are recognized and confirmed, the very definition of affirmed identity.
Impact of Behavioral Biometrics on Authentication
AffirmID captures the biometrics of your behavioral traits while you use the phone, and from these behavioral biometrics it recognizes when you have possession of the phone. More importantly, it recognizes when someone other than you has possession and blocks them from accessing the authenticators. Because they cannot access the authenticators, they have no access to endpoints that require authenticator use. Trusted party use of “AffirmID Authenticator” for every endpoint authentication ensures enterprise immunity from ransomware or cyber attack.
Authenticators and the Authentication Process
AffirmID’s 2FA 2-step authenticator produces time-based or event-based One-Time-Passcodes compliant with RFC 6238 and RFC 4226. 2FA is popular but a growing security risk. Its inclusion in AffirmID addresses the core risk of not confirming user identity and also provides a bridge from 2FA to more modern and more secure authenticators. These include WebAuthn compliant with W3C approved standards, FIDO2 compliant with FIDO Alliance standards, and a unique Push authenticator leveraging WebAuthn. These modern solutions employ public key cryptography where the private key is securely stored on the user’s phone. In today’s challenging cyber security environment, no other authenticator provides the user with 4 built-in industry standard methods of authentication. Only AffirmID future-proofs authentication without needing to add either USB or other software methods of accessibility.
Securing Authenticator and User Data
As a security-first app, AffirmID goes to great lengths to secure authenticator and user data. Indeed, with the exception of logs, if any, AffirmID encrypts every data item produced by or supplied to it. One-time-pad symmetrical cryptography is used, with keys stored in the phone’s hardware security element. User-authorized exported data are encrypted using 2048-bit public key cryptography prior to export over secure networks. Imported data, if any, are also public key encrypted. Public and private keys are stored in the phone’s secure elements.