Security

IDEE’s authentication, authorization, and identification solutions run on a single technology built on the principles of public key cryptography. Each user has her own private key, which is generated on the user device using a hardware random number generator. The user can use the private key for signing and decryption, but she does not know the private key and cannot copy, edit, or download it.

No Phishing

Nearly 1 out of 3 data breaches involved phishing last year and phishing attacks in total increased by 65%. Trend Micro expects Business Email Compromise (BEC) attacks (phishing) to result in $9 billion of losses for businesses in 2018. IDEE’s Web Login prevents phishing because there are no credentials to be phished.

No Account Takeover

With account takeover, an attacker could change the password to lock the user out and then perform fraudulent actions such as making payments. With IDEE, it is impossible to hijack a user account without physical access to the user device and the strong factor used to protect access to the device. There are no credentials stored on servers or known to the user that attackers can obtain or phish.

Prevents Identity Theft

65% of data breaches were a result of identity theft, followed by account access with 17%. With IDEE, the user’s identity is tied to a physical device under their control and protected by a strong factor of authentication. The identity cannot be extracted and/or used without the user’s authorization on the physical device.

Prevents the use of fake identity

New online accounts created from stolen identities can cause devastating damage to companies and individuals. When a user uses IDEE’s Instant Sign-Up or Instant Checkout to sign up with a service provider, the existing KYC is cryptographically signed and sent from the data provider to the service provider. Thus, the service provider can be sure that this new account is created from a trustworthy source by a real user.

No credential stuffing attacks

In 2018, more than 30 billion malicious login attempts were registered, amounting to more than 43% of all login attempts. With IDEE’s Web Login, these “credential stuffing” attacks are not possible since credentials stolen from other past breaches cannot be used.

No Formjacking / Malware recording input

Entering credentials manually opens your system to threats such as malware recording the input. Attacks such as formjacking and keylogging increased, and formjacking surpassed ransomware and cryptojacking as the top threat in 2018. With IDEE there is no manual data entry, no usernames and no passwords, so no malware can record your login credentials.

Prevents insider threats

Costs from insider-related threats increased by 15% from 2018 to 2019 to up to 7.9 million € per year per company. With IDEE, even administrators don’t know your login credentials, so they cannot leak credentials.

Privileged account abuse prevention

Most systems can be easily bypassed with admin privileges. With IDEE’s admin bypass protection, service providers can check if the request was really initiated by the user. Attackers with admin privileges on IDEE’s servers cannot bypass, alter and/or influence access to a user account.

Eliminate the risk of weak passwords

80% of breaches involve compromised and weak credentials. Without passwords, there are no weak passwords and they cannot be compromised.

No password reuse

52% of users use the same password for multiple services. This increases the chances of a breach exponentially. With IDEE, the user doesn’t have a password and as a result, no password to be reused. The user authentication factors cannot be duplicated or replayed.

No password sharing

69% of employees share their passwords with others. This increases the chances of phishing and makes employee accountability impossible. With IDEE, login credentials cannot be shared with another person and cannot be stolen.

Always uses strong authentication

According to Microsoft, customers can cut their risk of account compromise by 99% by enabling MFA. With IDEE, every authentication uses at least 2 factors, e.g. biometric and possession of your phone. This ensures strong authentication with every interaction. When logging in with a QR code, it is additionally guaranteed that the user is actually in front of the device.

Defense-in-depth

Unlike other authentication solutions, IDEE provides a verifiable assurance of the authenticated user to the service provider as part of the authentication response. This is an additional assurance to the service provider of the integrity, non-repudiation and provenance of the authentication.

No login credentials on servers

More than 1.16 billion email addresses and passwords were exposed in 2019. With IDEE, login credentials aren’t stored centrally. This means login credentials cannot be stolen from the service provider’s server even if there’s a breach. This also means that login credentials do not need to be changed when a breach happens.

End-to-end protection

Every communication is protected with end-to-end encryption, so eavesdropping is not possible.

No shared secrets. No tokens. No SMS codes

OTPs and SMS codes can be phished through attacks such as real-time phishing, hijacked, and/or stolen from the service provider’s backend. With IDEE there are no shared secrets, tokens or SMS codes of the kind used by other identity providers to patch passwords.

Based on proven and trusted technology

IDEE leverages public key cryptography and hardware-based trusted execution environments, such as a secure element/secure enclave and a trusted platform module, to establish and secure the user identity and authentication factors.

Remote logout from services

With IDEE, users can log out from their services remotely. This prevents unintended information disclosure and increases security.