Many companies are fed up with passwords, but the next step isn't so clear. Biometric authentication is winning favor, but LiveEnsure contends there is a less intrusive way to verify identity.
The industry "is rushing to stamp and print information in service of identity and security without thinking of its nature as really immutable," said Christian Hessler, CEO of LiveEnsure, a multi-factor contextual authentication provider, adding the ID security industry "is using really private information for authentication."
LiveEnsure launched in early 2014 and currently does business in more than 80 countries with about 1,200 developers and clients, including banks, social media sites and even the U.S. government. The company also recently received a United States patent for its authentication solution.
LiveEnsure's Digimetrics is a mobile app that uses cloud-hosted technology and the user's device to validate "things we can expect, things that the device and cloud in real time inspect, things the site can inject and things the user from a voluntary perspective can affect," Hessler said. "But no one of those things in a serialized fashion makes you you. Most hacks work by taking one element out of context, which is then used to recreate you."
Since the users decide what knowledge elements they prefer to use for authentication, Hessler said, it doesn't add any additional friction to the process. The app also doesn't store any information on the device nor does the company expose personal data to third parties.
This is particularly important given the emergence of the Internet of Things (IoT), in which more devices are connected and the increased sophistication of fraudsters figuring out ways to compromise highly secure databases, said Hessler.
"The need for strong authentication and digital ID is obvious we are all struggling to remember a myriad of log-in details and passwords, all of which is just too easy to hack," said Zil Bareisis, a London-based analyst with Celent. "It will interesting to see as standards begin to emerge and how different solutions match up against those standards, such as the ones developed by organizations like FIDO Alliance."
Many new fraud detection platforms, such as BioCatch and Riskified, are using behavior analysis to mitigate fraud, and are designed to vet identity even if some of the user's factors change. For example, a user could change his or her password or their smartphone, and the companies could still figure out who the user is.