Part 3: ForgeRock Gives Customers Choice In Going Passwordless
In the second part of this blog series, I talked about how technology leaders are embracing the FIDO Alliance’s WebAuthN distributed approach to passwordless authentication to facilitate integration into numerous applications.
In Part 3, we’ll show you how ForgeRock stands apart, offering a unique and truly comprehensive approach to passwordless authentication. We provide both out-of-the-box and curated partner solutions for a wide spectrum of applications that go well beyond FIDO as it stands today. Available now are both out-of-the-box and curated solutions for a wide array of applications that enable a truly passwordless experience.
Passwordless right out of the box
Available today, ForgeRock’s authentication engine has two out-of-the box capabilities built in: FIDO WebAuthN standard support and push-based authentication.
Our identity platform natively supports the FIDO2: WebAuthn specification, which allow users to leverage their smartphones, computing devices or a hardware token to authenticate to online services. That means any device that supports WebAuthN can be used as an authenticator for ForgeRock without the need for any additional software.
Also built into our platform is push-based out-of-band authentication. When an authentication event occurs on a device, the ForgeRock Intelligent Authentication Engine notifies the user that authentication for a device that has been enrolled in ForgeRock is required. There are several ways to accomplish this: enroll the device with a QR code using the ForgeRock Authenticator app (available in major apps stores), or implement an app integration via the ForgeRock’s Zero Touch mobile software development kit (SDK). Once the device is enrolled, ForgeRock automatically sends a push notification and asks the user to authenticate by using the method native to the device, such as touch, facial recognition, or other techniques.
The ForgeRock Trust Network
Through the ForgeRock Trust Network, an extensive ecosystem of over 75 partners, we give our customers and their users ultimate flexibility and choice. Our portfolio of third-party solutions includes centralized biometric systems to satisfy the need for roaming or inter-device movement, easy-to-implement and creative FIDO solutions, and innovative biometrics modalities that go beyond what is available with FIDO or native to the device.
Here are some examples of what’s available:
- Centralized biometrics: We have partners that can store any type of biometric data – whether it’s voice, thumbprints, or iris scans – in a non-reversible way. In essence, the biometric data that the application consumes is hashed so that it can’t be reassembled. The minutiae from any biometric is put through a non-reversible algorithm, which allows you to centrally store the biometric in a secure form. This enables you to do things like free seating, where you don’t need to enroll individual devices and marry them to individual users. This is especially relevant in healthcare, military, and government applications.
- Multi-modal authentication made simple: Some of our partners have created out-of-the-box multi-modal authentication systems, many using FIDO. But rather than having to go out and find separate facial recognition, iris scan, or thumbprint authenticators yourself, they’ve done all the legwork. These partners license all the different biometric authentication techniques and bring them together. They then add a management layer, a user experience layer, and developer tools to make the solution easily adaptable to any device. FIDO often operates behind the scenes transparently – you don’t even know it’s there. These multi-modal solutions are useful in situations where a company wants a choice as to which mode of authentication they prefer and be able to provide the user with the same choices. Leveraging our partners’ technology, the ForgeRock Intelligent Authentication engine orchestrates that experience.
- Flexible and Futureproof: ForgeRock partners are using new and innovative authentication modalities that extend beyond biometrics. Whether it’s optical codes you scan with your smartphone replacing usernames and passwords or proximity technology that can determine if you are standing in front of an ATM, our partners are bringing customers a world of innovation. This means that as circumstances, use cases, and technologies evolve, ForgeRock customers can take advantage of the latest advancements
Behavioral biometrics and device reputation technology further strengthens passwordless authentication
Once you stop collecting passwords and start using biometrics or other authentications, it’s helpful to have behavioral authentication working behind the scenes to detect fraud and risk signals. ForgeRock’s partners can create behavioral biometrics profiles for users by collecting and analyzing hundreds of human-device interactions, like scrolling patterns and speed, keyboard typing, finger size, and more. This can help determine if the user is a human or a bot that may be lurking on your websites and in your applications. A person’s unconscious behavior can prove to ForgeRock that they are who they say there are. If we see that, we can require a person to re-authenticate or use a stronger form of authentication. With these amazing partners, we’re always checking on users behind the scenes.
On the device reputation side, our partners have massive global networks tracking devices involved with elicit behavior. This instructs us if a device is untrustworthy or appears to have been used for fraudulent activities. In those cases, we can require stronger forms of authentication or deny the user outright.
Whether you are using ForgeRock’s built-in passwordless capabilities, leveraging the industry’s most powerful partner ecosystem or layering in behavioral biometrics and device reputation solutions, it all comes together seamlessly with ForgeRock’s Intelligent Authentication technology. Intelligent authentication allows our customers to orchestrate the perfect passwordless user journey, from end to end.
Are you ready to embark on your passwordless authentication journey? Don’t delay.
Start by clicking here to find out more about ForgeRock’s Trust Network.
Check out the rest of the Passwordless series here:
- A Passwordless Future Part 1: Smartphone Manufacturers Quietly Lay the Groundwork
- A Passwordless Future Part 2: A Standard Finally Bridges the Gap
*** This is a Security Bloggers Network syndicated blog from Forgerock Blog authored by Ben Goodmann. Read the original post at: https://www.forgerock.com/blog/passwordless-future-here-now