Baber Amin, Veridium: from authentication to recognition
According to the 2021 Mid Year Data Breach QuickView Report, 18.8 billion user records and account credentials were exposed in the first six months of this year alone. Yours is very likely among them. Thankfully, passwordless authentication aims to make these statistics meaningless.
Stolen account credentials can be abused by threat actors in a variety of ways, including hacking, fraud, and identity theft. All because someone, somewhere knows your password.
Luckily, there's a way to make stealing your account credentials useless. Enter passwordless authentication, a method that can make logging in more secure and efficient than ever.
Baber Amin, COO at Veridium, shares how Veridium is using AI and machine learning to make passwordless authentication more secure, inclusive, and accessible to everyone.
Veridium is the most comprehensive integrated identity platform powered by AI-based behavioral biometrics. What makes you stand out from other providers?
Most providers focus on their own set of authenticators or support a common standard like OATH, FIDO, and others. We at Veridium have prided ourselves on being all-inclusive, meaning that:
- We strive to support legacy authenticators, modern authenticators, and our own in-house authenticators.
- With our biometric capability, we keep the hardware requirements to a minimum, enabling organizations to eliminate passwords and deploy stronger alternate means of authentication and/or augment their existing authentication with a second or third factor without requiring a hardware refresh.
- We then bring our machine learning capability to bear: analyzing behavior, user-device interaction, and end-point sensors to craft a living baseline for anomaly detection.
- Lastly, the Veridium orchestration engine creates a tailored and secure end-user experience by using a wide variety of inputs about the user, the endpoint, and the context of the task at hand.
We believe that the combination of these factors is unique to Veridium.
Your ‘4 Fingers Touchless ID’ solution is rather innovative. How is it different from the standard FaceID in Apple smartphones or other common biometric authentications?
Until recently, most fingerprint capture has been done using contact sensors, meaning one or more fingers had to be in direct contact with a sensor in order to acquire a fingerprint. Contactless fingerprint acquisition using cameras has been gaining traction in recent years. Our 4 Finger capability focuses on using the optical capability of cameras in modern smartphones.
Veridium was part of the NIST report that looked at various contactless fingerprint capture mechanisms, where we scored the highest in quality of images compared with images captured with contactful sensors. We believe that our false rejection and false acceptance rates are comparable with traditional dedicated hardware acquisition methods.
In addition to Veridium 4 Finger capability, we also have the facial biometric capability with our vFace offering.
Biometric capabilities like FaceID or TouchID are great. However, as anyone who has lost or upgraded a phone knows, you have to re-enroll on each device. Our technology offers a choice such that the comparison can be done on the device or on the backend.
By doing verification on the backend, the end-user experience is greatly enhanced. The user only has to enroll once and then can use their biometrics for authentication from multiple endpoints. For example, one could enroll their facial biometric on a phone, and then use it on a tablet or a computer with a web camera.
With Veridium vFace, we don’t require expensive or specialized cameras, or specific operating systems. In fact, Veridium vFace can enable a Windows Hello type experience across all devices and all operating systems for all application and service access.
How can Veridium serve the healthcare industry?
The healthcare industry has two principal sets of users: clinicians and patients.
Clinicians need quick, seamless, and secure access to all patient information, and patients need the same for their own health records. Most systems deployed to date have not focused on the needs of either, offering a mish-mash of access capabilities with varying degrees of security and user experience. Here are some ways Veridium serves the needs of the healthcare industry:
- Veridium enables password-free strong authentication from the desktop all the way to the patient record system via our unique integration with Citrix.
- Veridium vFace provides quick password-free and app-free authentication to clinicians in the field.
- Our broad support for authenticators enables clinicians to leverage different second-factor mechanisms for prescribing controlled substances as required under EPCS rules, thus enabling across-the-board, easier adoption of MFA and compliance with EPCS rules.
- The Veridium authentication platform is forward-compatible with newer FIDO-compliant ID badges, enabling a password-free, touch-free, tap-and-go experience for modern access to healthcare systems.
- On the consumer or patient side, Veridium vFace enables a secure app-free and password-free experience to access patient portals.
Which industry was the first to incorporate passwordless authentication? And, in your opinion, which one will be the last?
Going passwordless is a journey with multiple steps. The use of passwords, secret words, and passphrases goes all the way back to the eleventh century BC, with the use of a Shibboleth to distinguish Ephraimites. In our opinion, it’s not about specific industries being first or last in adopting a passwordless approach, but a set of scenarios or use cases.
Remote work and the adoption of zero-trust principles have been at the forefront of adopting a passwordless approach.
What new challenges did the COVID-19 pandemic pose for Veridium?
Being a security company that had a global workforce, we were comfortable with remote operations before the pandemic and now, like everyone else, we are using more video meetings. If I have to pick a challenge, I would say that ever-changing rules around international travel, including transit rules, have been a challenge lately.
Many consumers are hesitant about providing their biometrics due to security issues and identity theft worries. How valid are their concerns?
We believe that this is a matter of helping consumers understand how biometrics are used. Most use cases of biometrics for authentication do not actually store raw images. In our authentication platform, we store a one-way non-reversible encrypted transformation for comparison. Thus, one must worry less about biometrics being vulnerable in a database.
Most of us do not realize that our biometric information is available all the time for anyone to capture.
Our face is captured on multiple security and surveillance cameras on any given day, our fingerprints can be lifted off any number of surfaces we come in contact with, and the same is true of our DNA, which can be easily obtained with just 5-20 skin cells via simple contact with clothes, food, etc.
Good security is a layered approach to security, meaning that no single factor or mode of authentication is foolproof by itself. Combining available signals from endpoints, establishing baseline behavioral and usage patterns, analyzing request context, and preventing successful presentation attacks in a holistic manner enables better end-user experience, better overall security, and reduced fraud.
Having said that, people should be diligent, and they should ask the question of their biometric vendor(s), as well as their identity providers.
Taking a broader view, how do you expect the biometrics industry to evolve in the next five years?
We believe that biometrics will play an ever-increasing role in access control as we move forward. We have already seen the transformation over the last 10 years, as consumers have embraced the use of biometrics starting with access to their mobile phones – from the use of facial biometrics for boarding an airplane to the use of palm prints at checkout at select Amazon stores.
On the enterprise side, we have seen Windows Hello gain wider acceptance. As sensors and computing power get faster and cheaper, and as the cost of computing continues to fall, we envision a broader use of biometrics for access. Based on current trends, we envision biometrics to be a primary mode of verification in developing countries before it becomes mainstream in developed countries.
What’s next for Veridium?
At Veridium, we live and breathe the notion of a world without shared secrets, aka passwords. We realize that different organizations are in different phases of this journey, thus we continue to focus not only on the future but on building bridges to connect the present to the future.
Ultimately, we envision the discrete process of authentication to become part of the background and transform into recognition, and all manner of biometrics, behavior, and context will play a role in the journey to recognition.