Image for post
Image for post
IMAGE: Geralt — Pixabay (CC0)

Imagine a world without passwords…

Enrique Dans
Apr 19, 2020 · 3 min read

Two veteran Silicon Valley executives, Jim Clark and Tom TJ Jermoluk, have raised $30 million in funding to launch publicly Beyond Identity, a concept that aims to eliminate passwords once and for all, using biometric technologies.

Have you ever wondered why you can unlock something as personal as your smartphone or computer with your face or fingerprint, but are still forced to remember or store a bunch of passwords for all the pages or services you intend to use? The technology that enables convenient access to your devices was originally created by Apple, which introduced Touch ID into the iPhone 5S, along with a secure enclave inside the processor that protects biometric data, and later incorporated it into the rest of its environment, either through the use of fingerprints or facial identification. Later, Google copied the concept and introduced it into the Android operating system.

The idea of Beyond Identity is to eliminate the need for any password in the authentication process. Most system intrusions are aimed at obtaining exploitable passwords: if we remove them, the fundamental reason for these data intrusions disappears, in addition to providing the user with more convenient access, without the problems associated with having to remember a password, obtain it from a manager or carry out a reset when we forget or lose it.

Beyond Identity works by anchoring the entire security process in the verification of the user’s identity, something that our devices already do very well. From there, by means of a well-known and proven technology, X.509 Certificates, biometric access links the device to its user, and a certificate issued by Beyond Identity authenticates that device and its user to the service provider it intends to access. A certificate or trust string that includes the user and shares it in encrypted form via TLS with the service provider we use to identify ourselves.

It’s a simple idea: assign the verification of the user’s identity to devices that already do it well and through sufficiently secure mechanisms, and link that identity through a chain of securely encrypted certificates. It will probably be used first in corporate environments, where a company will ask users to install the Beyond Identity app on the devices they intend to use to identify themselves (within a list of devices approved for this purpose which considering the trends, will become increasingly broad and inclusive), a device in which a private key will be generated, which from that moment on allows access to corporate applications without the need for a password, simply by authenticating themselves on the designated device.

The process can be used on any number of devices: the device profile generated at the time of service login is unique to each. This makes it possible to differentiate between authentication, which is carried out through cryptography, and authorization as such, which is produced from the device profile. On the same platform, a user can authenticate other devices equipped with company approved biometric identification, such as a laptop fingerprint reader. If we wish to change the device, we can register the new one with any of our previous devices, without having to depend on the help of a corporate helpdesk.

The company says the service will be available for the general public at the end of 2020, possibly by including the pre-installed application in many devices. The idea is a good one: can you imagine a world without passwords, in which accessing services such as your company network, your bank or your social networks is as easy as authenticating yourself on your smartphone?

(En español, aquí)

Enrique Dans

Written by

Professor of Innovation at IE Business School, blogger at enriquedans.com and Senior Contributor at Forbes

Enrique Dans

On the effects of technology innovation on people, companies and society (writing in Spanish at enriquedans.com since 2003)

Enrique Dans

Written by

Professor of Innovation at IE Business School, blogger at enriquedans.com and Senior Contributor at Forbes

Enrique Dans

On the effects of technology innovation on people, companies and society (writing in Spanish at enriquedans.com since 2003)

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store