The Passwordless Journey to the Cloud (S1:E13)
April 14, 2022
George Muldoon, Vice President of Strategic Alliances at HYPR, “The Passwordless Company”, joins us to talk about moving away from unsecure passwords and moving towards multi-factor authentication (MFA) and cloud platforms to improve security posture and enable business growth.
Speaker 1 (00:01):
You are listening to Humans in Tech. Our podcast explores today's most transformative technology and the trends of tomorrow, bringing together the brightest minds in and outside of our industry. We unpack what's new in physical access, identity verification, cybersecurity, and IoT ecosystems. We reach beyond the physical world, discuss our digital transformation as a species and dive into the emerging phygital experience. Join us on our journey as we discover just how connected the future will be and how we will fit into that picture.
Identiv's multifactor authentication solutions help organizations remain trusted and deliver outstanding employee and customer experiences without worrying about cybersecurity issues. If you only use a password to authenticate a user, it leaves an unsecure vector for attack. If the password is weak or was exposed elsewhere, how do you know if it is actually the user signing in with the credentials and not an attacker? By requiring a second form of authentication, you increase security. The additional factor is not easy for an attacker to obtain or duplicate. MFA is the easiest, most cost-effective cybersecurity solution. Leigh Dow, VP of global marketing at Identiv, is joined by George Maldoon, vice president of strategic alliances at HYPR. Identiv partner HYPR is the passwordless company trusted by industry leaders and backed by Comcast, MasterCard and Samsung. HYPR is the leading provider of passwordless authentication. With HYPR, businesses can stop phishing, reduce fraud and enable unrivaled security for employees and customers across the globe.
Leigh Dow (01:52):
Our partnership with HYPR is a great example of how easy it can be to move your customers away from unsecure passwords. The HYPR Cloud platform improves security posture and enables business growth with MFA that's truly passwordless. The platform pairs with Identiv hardware. Identiv's uTrust FIDO2 security keys allow individuals, businesses, and government agencies and contractors to replace passwords with a secure, fast, scalable, cost-effective login solution. They reduce the need to remember and type passwords, work with everyday devices, including phones, tablets, laptops, and desktops, and one device works across all services like Gmail, Facebook, Salesforce, and LinkedIn. George, it's so great to have you with us today.
George Maldoon (02:34):
Thank you, Leigh. It's great to be here with you.
Leigh Dow (02:36):
For sure. We know you've been with HYPR for almost four years, but can you tell our listeners a little bit about your background?
George Maldoon (02:44):
Sure. I'd be happy to do that. So I have been with HYPR, as you said, nearly four years, but in the cybersecurity space in general for just about 20. And I have been in everything from authentication to identity to different cryptography areas of cybersecurity and even the endpoint. So quite well rounded. I don't know if that makes me intelligent or just a little older.
Leigh Dow (03:13):
I could relate to that. So tell us a bit more about the work you're doing at HYPR.
George Maldoon (03:19):
Sure. So at HYPR, we are focused on what we refer to as reimagining authentication. There's a lot of vendors out there talking about passwordless and there's so many now that it can mean multiple things, depending on who you're talking to. So we're trying to take the mystery out of it and really make sure people understand that passwordless means not only getting rid of the password, but also having MFA and doing so in a way that users can be really happy along the way. That's the most important thing. If the passwordless MFA technology isn't as easy to use or as easy to type as, say, a 10-character password, then people are going to revolt. And nobody wants that, as we always know that security, as important as it is, user experience sometimes trumps security. And that's why we have so many breaches, unfortunately.
Leigh Dow (04:21):
So on that note, according to IBM, data breach costs rose from 3.86 million in 2020 to 4.24 million in 2021, the highest average total cost in a 17-year history of them reporting on that. So what does passwordless mean to you and how can it directly affect a company's bottom line?
George Maldoon (04:43):
So passwordless, what it really means to us is that you have to not only get rid of the password, but you have to continue to have MFA. And that's why we make it a point to talk about passwordless MFA and not just passwordless. So if you're just getting rid of the password and replacing it, say, with an SMS code or an OTP, in some ways you may even be making security weaker along the way. And we want to impact the bottom line by not only getting rid of the password, but replacing it with a much higher level of assurance. When you get rid of passwords, the first ROI that a company typically calculates with HYPR is around things like password resets, operational costs that go away with the help desk, where over 50% of the average enterprise's help desk calls and tickets are tied to password resets.
And then you start looking at the savings around security and getting rid of passwords. You're actually eliminating the attacker's favorite target. So passwordless to us really means that you're truly getting rid of the password. And that's another thing that we see in the industry where there's much talk about passwordless, but when you go down the rabbit hole with some of these passwordless claims, they're just obfuscating the password and placing it in the background. So you have to actually remove the target to get that security payoff and that risk surface elimination you're looking for. And you can also get the operational cost savings by getting rid of the passwords that nobody likes, everybody forgets. And it's pretty significant when you're thinking of Gartner's stats on this, which is in the neighborhood of about $20 per incident and per ticket for a password reset. An enterprise of about 5,000 users, that's significant.
Leigh Dow (06:44):
Right. What would the layman's term be for passwordless? If it's not a password, what is it?
George Maldoon (06:54):
If it's not a password, well, the layman's term would be if you have a mobile device, at least for us, you can use that touch or face ID, facial recognition or fingerprint recognition, if you have an Android. It should be as easy as that. In Identiv's world it's a lot of times a smart card or a smart token. And we really identify with that level of security, not all employees necessarily need a smart card, and that's where we would come in. We can use the form factor of the mobile device to complement what Identiv is bringing to bear with your ecosystem of authenticators. And now we're speaking the same language with FIDO. So it's perfectly suited for the enterprise. Now, working together with us, we have a form factor to satisfy, hopefully, nearly all of their employees.
Leigh Dow (07:50):
So how did the HYPR and Identiv partnership come to be?
George Maldoon (07:53):
So it began actually with our mutual relationship with the FIDO Alliance. And we realized in starting conversations that we had some mutual customers. We're really excited about growing into the public sector space ourselves. And we know that's a really strong part of the market for you and your customer base is chock-full of those types of customers. And on our side, we've got six of the top 10 financial institutions in the US. We've got dozens of very large insurance companies, technology companies, retailers, healthcare organizations.
And so I think there's a lot of complementary customer conversations to be had. And certainly when you look at the technology of our two organizations, they're extremely complementary because if you're talking about going passwordless and having strong passwordless MFA, I like how both Identiv and HYPR, we start that process right at the desktop where the user experience really starts in the morning. And we extend that out everywhere they need to go in their workday. Identiv brings it to the physical world as well. So we're just focusing on logical, of course, and we're focusing on that form factor of the mobile device, turning that into the security equivalent of the smart card. So the two solutions together really give our mutual customers incredible flexibility and scale of a passwordless MFA deployment.
Leigh Dow (09:24):
So on that note, can you explain in a little bit more detail the way our keys and your platform integrate to form a complete MFA solution?
George Maldoon (09:33):
Absolutely. So if you look at the state of passwords support that we had done last year and it's posted on our website at hypr.com. We did a survey of somewhere in the neighborhood of about six to 700 IT and IT security professionals from CIOs to CSOs and other staff. And we asked them "What is your preferred form factor for MFA?" And nearly 80% of the respondents said they wanted the mobile device.
The problem that they then replied back to us on another question was "Around different methods of MFA, which are you most concerned about?" And SMS and OTP were right at the top of the list. And that's typically been the way MFA has happened on a mobile device. So if you look at what we're doing, we can bring the security equivalent of a smart card to a mobile device, bring passwordless MFA also through the desktop in the same way that Identiv can do, but now we can combine our solutions because we get to a point where our customers, where they say, "Hey, there's this subset of users who cannot use their phones, cannot use their mobile devices, nor do we want them to."
And that's where we need to be able to offer them together smart cards and tokens and authenticators, regardless of the form factor that are going to speak FIDO, FIDO2 and also be at that cryptographic level of MFA while we can get rid of the password at the same time.
Leigh Dow (11:14):
So what do you think are the major obstacles then in widespread adoption of MFA?
George Maldoon (11:19):
So I think with passwordless MFA, it's a lot of the same story as with just MFA all along where you want to make sure that you know you've got the right level of security, you want to make sure the solution's easily scalable, of course, cost is always going to be part of the conversation. So that's got to make sense. And then it's got to be very user friendly. So it only really is going to matter if we can get full adoption together and as many users as possible at every enterprise and government agency that we are fortunate enough to call our customers. And I think the combination of our solutions gives us that breadth of options that we can go into any organization, private or public sector, and say, if you want to go passwordless, if you want to also bring that real high assurance level right to the desktop and extend that through anywhere else the user goes during the course of their workday, together Identiv and HYPR have a really wonderful breadth of solutions for you to choose for all different personas in the enterprise.
Leigh Dow (12:32):
Well, the FIDO piece is really interesting to me because just recently, for the first time ever, I saw in a consumer publication, Wired, a whole page devoted to almost advertorial style talking about FIDO. And I've never seen that before outside of more of a scientific technology publication.
George Maldoon (12:55):
Right. I think FIDO's starting to become at least a household name amongst enterprise users. And that's a really good thing. Security and MFA is really long overdue to have that Apple moment or even that Tesla moment where the focus is more on the user experience while retaining that high level of security. So that is not only on the user front, but also on the administrative or on the deployment side. You want to make sure you've got solutions that are easier for your customers to deploy, so you can get the scale quickly and get faster time to value, all without compromising the highest level of assurance that we're trying to bring to our customers.
Leigh Dow (13:42):
So in keeping with that, do you think that the pandemic has made it so that more people understand MFA and understand the importance of security? So many people working from home and going to school online?
George Maldoon (13:56):
Yeah. Even my kids now know what MFA is and they didn't before they had to go to remote school when the pandemic hit. It's absolutely had a very dramatic impact on people just understanding, they have a responsibility for their own security, to an extent. Lot of people now understand how to use a smart token or a mobile device as an MFA form factor. And we just got to keep on making it easier and easier because I don't really think anytime soon we're going to go back. Even when the pandemic becomes endemic, people have gotten used to working remotely. So this is the new normal that enterprises and government agencies are going to continue to have to evolve and adapt to get better and better when it comes to security and identity.
Leigh Dow (14:48):
Definitely agree with that. Well, thank you so much for participating and joining us today. Just learned a lot from you. And of course, we always love an opportunity to celebrate the great partnership we have.
George Maldoon (14:59):
Awesome. Thank you for having me.
Speaker 1 (15:02):
Eliminate the risk of data breaches, phishing, password theft and replay attacks with hardened multifactor authentication cybersecurity. Passwordless logins are simple and secure with uTrust FIDO2 NFC plus security keys: insert the device, tap the button and get secure access. It really is that easy. Learn more at identiv.com.
Physical security, identity verification, the IOT, the hyperconnectivity of our lives will only grow more pervasive as technology becomes more automated and experiences more augmented. It's up to us to preserve our humanity and use new tools and trends for good. The only question is, are we up for the challenge?