Device-Based Mass-Market Authentication Must be as Easy as SSL in a Post-Password Society

LAS VEGAS, Aug. 4, 2014 (GLOBE NEWSWIRE) -- BLACKHAT USA 2014: If you are wondering whether cybercriminals are running out of ideas, the latest attack demonstrations and program vulnerabilities on display during this week's BlackHat USA 2014, happening August 2-7 at Mandalay Bay in Las Vegas, NV make it clear the answer is an emphatic, "No."

Yet despite broad consensus that weak passwords are at the root of online security problems, we are far from a post-password society. To evolve, device-based mass-market authentication must be as easy to use and as transparent as SSL.

"The barrier to mass-market deployment of stronger authentication boils down to the impact on the user experience," said John Zurawski, vice president at Authentify, Inc. "After all, security and convenience have historically had an inverse relationship. But we are turning that equation on its head by using device-based security. Smartphones are packed with features that can be used for strong authentication. What we have done is make that experience as simple, automated and friction-free for mobile users as SSL or HTTPS is on the Web."

At BlackHat USA 2014, Authentify is introducing xFA™ Smart Choice, an extension to its xFA device-based multifactor authentication service. In a BYOD world, an end user may or may not have a fingerprint reader, a gesture based keypad or other device specific authenticators available. xFA Smart Choice relieves the enterprise of having to implement their own programmatic way to automatically select or prioritize the authentication factors a user may or may not have available on their mobile device, an industry first.

The prioritization of available authenticators was developed based on Authentify's extensive experience in mobile and device-based authentication including the protection of more than a trillion U.S. dollars in transaction value worldwide. Authentify's customers include 4 of the 5 largest U.S. banks, 2 of the top three insurance companies in North America and many of the Web's top e-commerce sites.

Authentify's xFA is an app and online service that turns mobile devices into the equivalent of a multi-function security token perfectly suited for BYOD applications. Coupled to biometrics, knowledge-based authenticators and finger swipe gestures, xFA also provides server-to-server class digital certificate-based security and optional QR code scan logins.

Suitable for access or transaction confirmation, xFA, which stands for "x" factors of authentication, uses an encrypted, out of band communication channel to effectively protect against the most difficult types of cyberattacks such as man-in-the-middle (MITM) or man-in-the-browser (MITB), where information is intercepted between the end user and the online account or service. It also provides strong multi-factor authentication supporting voice biometrics, both the Samsung Galaxy S5 and Apple iPhone fingerprint sensors, gesture/pattern matching and other forms of secure messages. With xFA and the new Smart Choice API, enterprises and ecommerce providers, or their users, can automate device-based multifactor authentication as needed for a given transaction.

Authentify xFA can be used by any online service provider or enterprise that needs strong protection at time of logon or any time in the transaction flow, but also needs a simple user experience. xFA provides greater protection from password exploits or breaches to financial services, e-commerce, medical insurance firms or any enterprise/SMB private networks, without losing productivity or inconveniencing users.

Authentify will demonstrate the convenience and power of xFA and Smart Choice device-based authentication at BlackHat 2014 in booth #358. The show floors hours are 10 a.m. to 7 p.m. on Wed. 8/6, and 10 a.m. to 5 p.m. Thurs. 8/7.


Video: How Authentify delivers Out-of-Band authentication

Authentify Interactive Demo Center

About BlackHat

For more than 16 years, BlackHat has provided attendees with the very latest in information security research, development, and trends. These high-profile global events and trainings are driven by the needs of the security community, striving to bring together the best minds in the industry. BlackHat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors. BlackHat Briefings and Trainings are held annually in the United States, Europe and Asia, and are produced by UBM Tech. More information is available at:

About Authentify, Inc.

Authentify provides multi-layered, device-based user authentication services that can be controlled by enterprise policy, while offering a very simple, intuitive and consistent end user experience. Its solutions protect more than a trillion dollars in transaction value with device-based authentication worldwide. Customers include the top three e-commerce sites, five of the world's largest banks and the top four insurance companies. Inc. Magazine has ranked Authentify among America's fastest growing private companies.

Authentify employs a patented out-of-band authentication process providing a message-based architecture that seamlessly integrates with existing online processes developed for e-business, secure information access, or the distribution of security credentials. With its multi-language compatibility using landlines, mobile phones, tablets and other smart devices, Authentify's service offers a truly portable authentication solution with worldwide reach that leaves no end users behind.

For more information, visit Authentify at:

