Vouch Multi-factor Authentication
Vouch brings innovation to multi-factor authentication (MFA) incorporating mobile-first user simplicity, and distributed blockchain identity technology in a SaaS offering that lowers cost and increases your company’s security compared to traditional password-based systems (like the one you are using now!!).
Today’s security breaches present a new set of challenges for IT professionals to protect their data and users from credential theft and compromise.
Vouch’s comprehensive approach to security includes the following:
- Modern MFA Factors – simply the user experience, while also providing the added security of MFA with modern factors such as biometrics, the user’s device ID and (coming soon) location, time of day and network/IP address factors.
- Remove the source of breached password databases – by replacing centralized password storage with decentralized blockchain storage of user credentials (see Vouch System Overview).
- Completely eliminate passwords – Passwords are a security weakness, a terrible user experience and costly for the enterprise to support (see Cost of Password Resets).
What is Multi-Factor Authentication?
Multi-factor authentication is the process of identifying an online user by validating two or more claims presented by the user, each from a different category of factors. Traditional approaches to Multi-factor authentication combine two or more independent credentials:
- What the user knows (password)
- What the user has (security token)
- What the user is (biometric verification)
The goal of MFA is to create a layered defense and make it more difficult for an unauthorized person to access a target such as a physical location, computing device, network or database. If one factor is compromised or broken, the attacker still has at least one more barrier to breach before successfully breaking into the target.
MFA has proven itself to be effective at enhancing security. Traditional usernames and passwords can be stolen, and they’ve become increasingly more vulnerable to brute force attacks. MFA creates multiple layers of security to help increase the confidence that the user requesting access is actually who they claim to be. With MFA, a cybercriminal may steal one credential but will be thwarted by having to verify identity in a different manner (i.e. another factor).
While providing greater security, these traditional MFA approaches have not been widely adopted because of their poor, high-friction user experience:
- Security tokens: Small hardware devices that the owner carries to authorize access to a network service. The device may be in the form of a smart card or may be embedded in an easily-carried object such as a key fob or USB drive. Hardware tokens provide the possession factor (something the user has) for multi-factor authentication.
- Employee ID and customer cards: include magnetic strip and smartcards.
- Soft tokens: Software-based security token applications that generate a single-use login PIN.
- Mobile authentication: SMS messages and phone calls sent to a user as an out-of-band method, smartphone OTP apps, SIM cards and smartcards with stored authentication data.
Vouch Modern Multi-Factor Authentication Factors
- Completely eliminate passwords – The first point os what Vouch has taken away – passwords. Vouch increases security and decreases user friction by completely eliminating passwords as a factor. Passwords are easily stolen and exploited through sign-up/reset/recovery processes, impersonation, account takeovers, and other hacking tactics. Replacing passwords with human factors such as a biometric is one of the fastest ways to improve security.
- Biometrics – A “what the user is” factor – biological traits can include include facial recognition, fingerprint scans, voice recognition, retina scans, iris scans, finger vein scans, hand geometry and even earlobe geometry. Since most modern smartphones support some type of biometrics capability, the user experience is both intuitive and available to support biometrics via the user’s smart device using Face ID, Touch ID, Android shapes and other methods.
- User Device ID – Virtually all enterprise users carry smartphones these days, each with a unique device ID. Their device serves as a “what the user has” factor – that the user must have in their possession in order to log in. In a mobile-first environment, and especially for mobile-based authentication, a smartphone often provides the most convenient possession factor.
- Vouch Quorums – makes MFA more human by injecting people (or quorums of people) into decision and approval transactional flows. Quorums securely enforce authority across a group of people.
- Vouch Smart Contracts – are programmable, customizable permissions that enable trusted, traceable, transparent transactions between parties.
- Vouch Personas – are roles and privileges assigned to users. Personas define a user’s ability to execute certain transactions. “Vouching” enables a user to extend a privilege or access to another user.
- Location factors (coming soon) – The ubiquity of smartphones once again helps ease the authentication burden here: Users typically carry their phones and most smartphones have a GPS device, enabling reasonable surety with confirmation of a geofenced login location.
- Time factors (coming soon) – Current time is a powerful factor. Verification of employee IDs against work schedules can prevent certain types of user account hijacking attacks. A bank customer can’t physically use their ATM card in America, for example, and then be in Russia 15 minutes later. These kinds of logical locks could prevent many cases of online bank fraud.
- Network factors (coming soon) – The ability to determine the IP address range and allow or disallow access based on that IP address. Interesting security configurations are possible, such as the ability to deny access if your laptop and smartphone are on different wifi networks.
Vouch Multi-factor authentication is enabled via the Vouch Mobile app, or the Vouch SDK that is used to incorporate Vouch functionality directly into our customer’s user experiences.
Using the Vouch app is simple:
- User goes to the site that they want to log in to.
- A message is sent to the user’s phone requesting the user to supply a biometric.
- The user supplies the biometric and is logged in.
- Native mobile apps
- Mobile and PC web sites
- Any web service such as Salesforce, Github, Confluence, JIRA, Slack, etc.
- Email clients
- Amazon Web Service command line actions
- Operating systems
Integrating Vouch to Your Environment
Vouch is easily integrated to Enterprise Identity Provider (IDP) and Identity Access Management (IAM) solutions from suppliers such as Forgerock™, Idaptive™, Okta®, Ping Identity® or Microsoft® ADFS or Azure™ using SAML and Open ID Connect.
The Vouch Multi-factor Authentication Difference
Vouch modernises multi-factor authentication to provide highest security and greatest protection against credential compromise , as well as the best user experience:
- Using Innovative security factors such as Biometrics and Device ID instead of passwords
- Removing passwords simplifying the user experience and making your users and help desk more productive
- Easily integrating to your Identity Provider (IDP) or Identity Access Management (IAM) with simple configuration using standard protocols including Security Assertion Markup Language (SAML) and Open ID Connect (OIDC)
- With a SaaS product offering that lowers cost, is simple to scale and integrate and includes all updates that are available immediately versus on premise solutions models which require forced purchase of an upgrade package and expenses for specialized services to get the environment upgraded.
- Using a decentralized blockchain technology instead of a centralized certificate authority approach to eliminate centralized password-based security breaches
- With support for API-driven uses cases – which expose the full power of Vouch’s blockchain Identity to your organization and development team to enable innovative security and product experiences