Once You Move a User to a Passwordless Experience, The Problem and Risks are Mitigated!


1Kosmos vision to transform the automotive industry seems to be riveting the industry leaders. Firmly stating of making processes and businesses ‘PASSWORDLESS’ is perhaps, the new term defining the 1Kosmos vision. In an exclusive interview with Jitendra K Sagar from TimesTech, Michael Engle, CSO, 1Kosmos elaborates on the traditional security technologies and how their unique offerings like identity proofing and passwordless technologies helping clients scale up existing IT processes. This is indeed set to transform the automotive industry forever. Edited Excerpts. 

TimesTech: What’s Passwordless Authentication?

Michael Engle: As security has evolved, practitioners have realized that authentication must be predicated on more than “what you know,” i.e., a username and password. Identity, therefore, has become a central component of next-gen authentication. Today, strong authentication must include aspects of “what you have” and “what you are,” including:
• validation of any supporting digital identity documentation or assertion;
• verification of the systems and devices that users are using to authenticate; and
• an assessment of behavior and context around the use of an identity.

As such, security technologies have incorporated identity collection and correlation that support nextgen authentication use cases. Multi-factor authentication (MFA) was one such enhancement, but the means by which MFA was implemented in some cases (email and text-based codes) was not sufficient to prevent cyber compromise. Therefore, companies have started adding biometric information or data about the health and hygiene of users’ login devices to the authentication equation, thereby amping up security. Even more stringent approaches, such as adding a “live selfie” for identity proofing, are now becoming accepted where the business case dictates.

TimesTech: Is passwordless authentication the solution to the password problem?

Michael Engle: Yes, once you move a user to a passwordless experience, the problem and risks are mitigated.  However, there are many forms of passwordless. For example, some methods involve trading in a password for a one-time-key (called a token) that gets stored on a user’s phone or computer. However, tokens only solve the problem partially because this key is not reusable in multiple business settings.  For example, you may go passwordless with car manufacturer website #1, but not #2 and not for a downstream service provider like a satellite radio company.

There is a growing trend for organizations to embrace identity-based authentication.  Instead of a token, the user’s online digital identity will be used, creating an experience that removes passwords from any website or digital service in the ecosystem.

TimesTech: What’s its application in the automotive industry?

Michael Engle: The automotive industry would benefit tremendously from adopting identity-based authentication for its employees and customers.  It gives both sets of users a 1-click signup process and removes the need for passwords and one-time text or email codes.  Also, the true identity of the user stays in control of the customer and is shared only with their consent.

TimesTech: What kind of technology is used for identity proofing in the automobile industry?

Michael Engle: There are several ways to onboard a digital identity.  One is from existing user information.  For example, suppose the auto company already knows me (by doing credit checks and selling me products). In that case, they can create the equivalent of a digital wallet with this current information.   We call this “jumpstarting” an identity.

The service provider can also use identity proofing by scanning or downloading citizen credentials.  The credential is verified, matched to the user (with accurate biometrics such as a face scan), and the user’s private digital wallet is created.

TimesTech: How does it benefit the parties involved? Some used case examples?

Michael Engle: Imagine if you buy a new automobile.  On the first day, you would present your identity to the auto dealer.  They would have a trusted credential to start their relationship into the dealer’s systems.

Next, the user would engage with the service department, manufacturer, and other service providers such as payment providers, extended warranty companies, etc.  Every one of these organizations would get to onboard the customer with the press of a button.  Most importantly, they would not have to worry about user accounts or passwords to engage with the user and provide them with excellent service.

Taking it one step further, once the user moves to another automobile, these relationships would go with them seamlessly.

TimesTech: The automotive landscape is changing quickly, what’s 1Kosmos vision for the industry? And what is its India plan?

Michael Engle: The journey towards identity-based authentication consists of many steps.  At 1Kosmos, we are helping companies implement both identity proofing and passwordless technologies to their existing IT processes.  The first step is to fix our day-to-day interactions with our onboarding and system authentication.  The result is a better user experience and better security.
The second step in this journey will be to create connectivity between various organizations to embrace a true distributed and user-managed digital identity.  There are many efforts underway in the industry, specifically the W3C Decentralized Identity standard and Verifiable Credentials.  1Kosmos is working with other technology and industry organizations to mature these standards and make them a part of every organization’s identity vocabulary.