Last week the 34th Annual INCOSE International Symposium took place at Dublin’s Convention Centre. One of the speakers at the Symposium was Dr. Tina P Srivastava, Co-founder of Badge and Ronan caught up with her for a quick chat.
Can you tell me what Badge Inc. does?
Badge’s phishing-resistant technology authenticates users on any device without storing passwords or other secrets.
Each day over 100 billion authentications rely on stored credentials, and the systems used to house these “crown jewels” have become the target of 49% of all data breaches. Previous attempts to solve the problem by streamlining the user authentication experience using on-device authenticators have had the unfortunate side-effect of locking a user to a specific device.
When that device is inevitably lost, stolen, out of battery, or just not immediately available to the user, authentication falls back to high friction and insecure account recovery methods. Badge solved a two-decade-old cryptography problem, enabling Identity without Secrets
. By letting users derive keys on the fly from their own individual authentication factors, including biometrics like face, fingerprint – without ever storing the biometric data, Badge provides unprecedented privacy with a frictionless user experience.
Badge won three Global InfoSec Awards at RSAC 2024 in May 2024. In addition to winning Most Innovative Biometrics Company, Badge was the sole award winner for Privacy-Enhancing Technology and Phishing-Resistant MFA.
Like me, you believe that passwords will soon be a thing of the past as they besides humans are the biggest security weakness with Zero Trust being the logical answer. Why do you believe this ?
Traditional security models based on perimeter defense and implicit trust are no longer adequate to protect against sophisticated cyberattacks. With wide scale breaches being reported every week in the headlines, one must assume that no person, device or network is inherently trusted and continuous verification of identity and access is required.
Badge extends zero trust to the human, not just the device.
This is important because other market approaches to authentication bind the user to hardware, meaning when the user does not have access to that hardware, the solution breaks down. As a result, passwords continue to exist for account recovery on a new device.
Badge is the only market solution that enables a user to create an account and to authenticate without passwords — without having to enroll a backup device for account recovery. Enrol once, authenticate on any device. The system is backed by peer-reviewed zero-knowledge cryptographic security guarantees. Badge does not store biometric templates or private keys.
For the first time ever, users do not need to trust the large identity players, or any company or organization to hold private keys, passkeys, or password hashes on their behalf. Badge is zero knowledge, enabling systems that are fully end-to-end encrypted and fully privacy preserving.
Badge is also resilient to human fallibility; if you lose your phone, you can still get access. Because you are your token, and you can re-derive your key on demand on any device without relying on any central database of credentials, Badge provides unprecedented privacy. Badge is poised to become the foundation of the identity backplane of the internet.
What will a world of zero trust and no passwords look like?
A world of zero trust and no passwords would give power back to users so they can control their own data and access services without compromising their privacy. For businesses, it would provide huge cost-savings potential and a way to gain trust with customers. A world of zero trust would lower the risk of data breaches and cyberattacks, eliminate the need for complex perimeter defenses, and enable faster and more secure access to data and applications from any device and location.
Badge Inc. recently signed a partnership with Cisco, and the future for Badge looks bright, so what’s next for Badge?
When we founded Badge, our mission was to solve one of the hardest problems in authentication by moving the trust-anchor for digital identities to the human. After losing my own identity in a breach, we relied on math to solve the problem using cryptography to build a user-centric solution that makes people their own roots of trust, rather than their device or token. Our goal is to make Badge’s technology available to as many users as possible.
By forging partnerships with the largest security companies in the industry like Okta, Ping, Radiant Logic and now Cisco, we are exponentially increasing the accessibility of Badge, making Zero Trust a reality. We have more partnerships on the way, and will continue to align with more like-minded leaders of our newly formed CISO Council in the fight to modernise traditional cybersecurity approaches, which continue to prove ineffective against today’s data breaches.
See more stories here.
