How eliminating passwords with ShoCard can improve both security and user experience

October 4th, 2018   |     |  product & technology

As our world has migrated to a collection of digital, cloud-based services, we have become more reliant on usernames and passwords, along with various forms of multi–factor authentication (MFA). The stakes in authentication are high, as it serves as a gateway to valuable data used to access both workplace and personal services. Regardless of how secure the services may be, their weak link — and primary target point for hackers — is usernames and passwords.

Passwords: The weakest link in the chain

Since a chain is only as strong as its weakest link, many organizations employ some method of second-factor to validate user identities from clear text SMS with One Time Passwords (OTP) to secret questions to Knowledge Based Authentication (KBA) to smartphone applications with push notifications.

All of these forms of MFA are built on the original username and password paradigm. At ShoCard, we believe the best way to increase the security of authentication is to eliminate usernames and passwords altogether.

Think of the comparison of combustion-based gasoline powered vehicles to electric vehicles. You can improve a combustion engine to consume less gasoline per mile so that it is more reliable, requires fewer oil changes, and has reduced transmission issues. However, with the introduction of electric vehicles, the combustion engine-related issues are all eliminated, like oil changes, timing belts or transmissions. The removal of usernames and passwords altogether provides a similar result in the way of strengthened security – there is no need to make them more secure as they simply no longer exist.

Replace the weakest link

ShoCard offers a distributed solution where users’ identities are entirely stored on a mobile device, and authentication codes in the form of digital certificates are placed on an independent data source – the immutable blockchain. Each mobile device is equipped not only with private keys that never leave the device and the user’s identity information, but also geo-location and facial images for true-biometric authentication.

This solution is provided through its product, ShoBadge, which uses SAML to seamlessly integrate as an IdP with OneLogin’s Unified Access Management Platform.

Together, OneLogin and ShoBadge provide a seamless authentication method for the user along with comprehensive management of applications and services. With ShoBadge, a user is authenticated through a four-factor authentication process, and is enhanced with two additional optional factors:

  1. The geo-location of the individual based on their GPS location.
  2. A selfie of the person behind the device which proves their identity during a login attempt.

The impact: Enhanced security AND user experience

The result for the user is that they can simply scan a QR Code and never have to type in a username or a password. Behind the scenes, a true multi-factor authentication process occurs.

ShoBadge eliminates the need for a central database of identity data, which is often targeted by hackers. If a phone is stolen and a hacker is able to enter a pin or fake a TouchID/FaceID equivalent on the app, they still cannot bypass the true-biometric validation where a live selfie is captured and compared with a registered identity that was previously certified on the blockchain.

This joint solution by ShoCard and OneLogin provides a unique experience that is easier to use and more secure than any other enterprise product that exists. This combined identity management offering was designed around YOU.

Check out our ShoCard partner page for more information about the integration.

About the Author

Armin Ebrahimi is Founder and CEO of ShoCard, a digital identity verification system that protects consumer privacy through the patented use of mobile devices and the blockchain. An industry veteran, he brings more than 30 years of experience in scalable platforms, online services, mobile-development and digital advertising to the ShoCard team.

View all posts by Armin Ebrahimi

Secure All Your Apps, Users, and Devices