Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

7/9/2020
05:30 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Beyond Identity Joins FIDO Alliance

The FIDO Alliance was formed in July 2012 to address the lack of interoperability among strong authentication technologies.

NEW YORK, July 07, 2020 (GLOBE NEWSWIRE) -- Newly launched passwordless identity management startup Beyond Identity today announced it has joined the FIDO Alliance, a cross-industry coalition developing open, interoperable authentication standards that reduce reliance on passwords with authentication that is more secure, private, and easier to use.

The FIDO Alliance was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The organization is driven by hundreds of global technology leaders across enterprise, payments, telecom, government, and healthcare, all of which help to influence the development of FIDO specifications; establish best practices for deployment of FIDO Authentication; and drive global awareness of the Alliance, its mission, and the FIDO specifications.

“Passwords endure despite being universally reviled for their user unfriendliness and inherent insecurity,” said Tom (TJ) Jermoluk, Co-Founder and CEO of Beyond Identity. “We applaud FIDO’s mission to curtail the use of passwords – the bane of everyone’s existence and a major source of risk for CISOs – and look forward to collaborating with Alliance members on championing the adoption of authentication mechanisms that not only enhance the user’s login experience but bolster enterprise security.”

Founded to eliminate passwords, Beyond Identity exited stealth in April to introduce a revolutionary, passwordless identity management solution. Leveraging and extending inventions from Dr. Taher Elgamal, the “Father of SSL,” and Professor Dr. Martin Hellman, the co-inventor of public-key cryptography (PKC) – headliners of Beyond Identity’s all-star technical advisory board – the company replaces passwords with trusted certificates, originally defined in PKC and ubiquitously deployed within TLS (formerly SSL). This proven, secure, and scalable approach enables Beyond Identity to eliminate passwords, reduce risk for organizations, remove friction for end users, and offer consumers a much more secure alternative to password managers.

“We are excited to welcome our newest associate member, Beyond Identity,” said Andrew Shikiar, Executive Director and CMO of the FIDO Alliance. “The FIDO vision of universal strong authentication promises better security, enhanced privacy, more commerce, and expansion of services throughout digital industries. Beyond Identity’s addition to our Alliance supports our industry goal to make user authentication easier and safer for all parties.”

Unlike other authentication methods and general security products, Beyond Identity increases both usability and security simultaneously. The company’s cloud-native platform provides a secure method of authenticating users and devices without passwords by using the same secure and scalable approach – X.509 certificates – that is already universally deployed with TLS and underpins trillions of dollars in online transactions daily. The solution creates a Chain of Trust™ that includes user and device identity and a real-time snapshot of a device’s security posture, all in an immutable package that is signed by a provably secure certificate. Notably, Beyond Identity supports industry standards like OpenID Connect, SAML, and TLS, and is a member in the development of the FIDO Alliance’s FIDO2 specifications.

About Beyond Identity

Headquartered in New York City, Beyond Identity was founded by industry legends Jim Clark and Tom Jermoluk to eliminate passwords and radically change the way the world logs in, without requiring organizations to radically change their technology stack or processes. Funded by leading investors, including Koch Disruptive Technologies (KDT) and New Enterprise Associates (NEA), Beyond Identity’s mission is to empower the next generation of secure digital business by replacing passwords with fundamentally secure X.509-based certificates. This patents-pending approach creates an extended Chain of Trust™ that includes user and device identity and a real-time snapshot of the device’s security posture for adaptive risk-based authentication and authorization. Beyond Identity’s cloud-native solution enables customers to increase business velocity, implement new business models, reduce operating costs, and achieve complete passwordless identity management. Visit www.beyondidentity.com for more information.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15058
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.
CVE-2020-15059
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.
CVE-2020-15060
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name.
CVE-2020-15061
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to denial-of-service the device via long input values.
CVE-2020-15062
PUBLISHED: 2020-08-07
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.