Passwords are the past

Newly announced push authentication features and capabilities in the ForgeRock Identity Platform support passwordless login and frictionless second factor authentication.

  • 7 years ago Posted in
ForgeRock has introduced the latest edition of the ForgeRock Identity Platform, with advanced new capabilities that will enable organisations to orchestrate highly secure, frictionless user experiences using push authentication. The ForgeRock Identity Platform is the industry’s first end-to-end open source identity management solution to support passwordless login and frictionless second factor authentication capabilities for continuous security.
 
With billions of Internet of Things (IoT) devices and services coming online – Gartner, Inc. forecasts that 20.8 billion connected things will be in use worldwide by 20201 – the conventional login-and-password approach to authenticating users and authorising access to data and services will no longer be workable. In fact, Forrester expects that with computing processing power increasing dramatically, even passwords 14 to 20 characters long will be readily crackable and largely ineffective for protecting high-value, high-risk assets and transactions by 20192. The ForgeRock Identity Platform is designed for this challenging new environment.
 
Where other identity management products offer passwordless login at the beginning of a session, the ForgeRock Identity Platform invokes passwordless, second factor authentication any time during a session, should an anomaly occur. For instance, if your laptop switches from a secure company wifi network to an unsecure network in a coffee shop, re-authentication would be invoked via a required response to a push notification sent to your phone – through a biometric TouchID, a swipe or other action – in order to maintain access to an online service. This kind of continuous security without passwords is essential for a frictionless customer experience in any number of business cases – from securing the smart car and smart home applications, to healthcare devices, wearables, mobile banking and industrial IoT situations where ease of use and the highest level of access security are essential.
 
“User frustration is a real concern with two-factor authentication, and a significant barrier for organisations working to create the kind of secure, seamless online user experiences that we’ve all come to expect online,” said ForgeRock CEO Mike Ellis. “With passwordless authentication now available through the ForgeRock Identity Platform, our customers can create highly secure, frictionless user experiences that will delight and engage end users, while keeping the growing number of IoT devices and data out of the wrong hands.”
 
Passwordless authentication not only improves the user experience, but can also increase the level of security organisations can provide to their customers while reducing cost and administrative workload. 
In a typical ForgeRock implementation, the first authentication step happens via the Internet. The second method is ideally completed over a separate network (out of band), which is what happens with push notifications that travel over the Apple (APNs) or Google (GCM) dedicated notification networks. These steps make it more difficult for potential cybercriminals, who would need to hack into both an individual’s laptop and mobile device to gain access to user data. Additionally, using push notifications provided through an authenticated mobile app is often dramatically less expensive than conventional token-based approaches, which are notorious for hidden costs associated with deploying hardware and software, token licenses, maintenance and help desk costs.
 
ForgeRock also announced several other new features today:
 
Stateless OAuth Token Support - Reduces the complexity of securing hundreds or thousands of microservices and API endpoints using industry standards OAuth2 and OIDC.
 
Common Audit Event Handlers for Elasticsearch and JMS - Simplifies the audit and analysis of complex identity activity across all applications and devices, while enabling real-time monitoring of identity activity for better security insight.
 
Identity Relationship Visualisation - ForgeRock Identity Management users can now visually display all relationships to any given identity through the management console and will be represented in a graph database-style display.
 
API Protection (Rate Limiting) - A new Request Throttling filter capability in ForgeRock Identity Gateway regulates traffic volume to ensure consistent levels of service, and reduces the risk of malicious attackers attempting to disrupt a service using DoS-style attacks.
 
Encrypted Database Entries - Encrypting data while at rest protects sensitive customer information like account numbers from accidental exposure by administrators and unauthorised users. Distribution of data virtually across public, private and hybrid environments is becoming commonplace, and requires an additional level of data security.
 
“The speed at which organisations reap the rewards of the Internet of Things (IoT) will depend on several critical factors – one of which is getting to grips with identity management. And demand for new options to secure digital identities will only continue to accelerate as the IoT takes hold across multiple industries,” said Martin Kuppinger, Founder and Principal Analyst, KuppingerCole. “One of the greatest challenges of access management is controlling the complex relationships between things, devices and people, whilst supporting the authentication of things. Managing millions of connected things places new demands on scalability. Organisations looking to reap the rewards of the IoT will first need to consider if their identity platform can handle the challenges involved. Because managing – and securing – digital relationships at scale requires a deep understanding of the identity management challenges that are posed by the IoT.” 
 
Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Trend Micro has released new research detailing the murky cybercrime supply chain behind much of...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...
State of Industrial Cybersecurity report reveals only 21% of organizations achieved full maturity...