https://www.darkreading.com/application-security/startup-offers-free-version-of-its-passwordless-technology-/d/d-id/1339974

Application Security
1/26/2021 09:15 AM
Kelly Jackson Higgins

Startup Offers Free Version of its 'Passwordless' Technology

Beyond Identity co-founders hope to move the needle in eliminating the need for passwords, but experts say killing passwords altogether won't be easy.

A startup with the goal of eradicating passwords and led by Netscape founder Jim Clark and broadband network pioneer Tom Jermoluk today released a free version of its service that authenticates and authorizes users without the use of passwords.

The free version of Beyond Identity's service includes support from the company during business hours and deployment to an unlimited number of users or customers.

Beyond's technology, based on X.509 for asymmetric key cryptography and TLS for encrypted communications, makes the endpoint device its own certificate authority. The user's private keys, which are stored locally on the device's protected secure enclave section of memory, authenticate and authorize the user via Beyond's cloud-based service.

Password management headaches and credential theft have long been among the biggest challenges to organizations, and layering passwords with multifactor authentication (MFA) and other protections has become the norm. But as the recent SolarWinds attack, believed to be out of Russia, demonstrated, attackers can bypass MFA in order to capture or set up credentials inside their targets.

Jermoluk, CEO of Beyond Identity, says the global pandemic and subsequent rush to send employees to work from home helped drive the decision to offer the startup's core technology for free to organizations. Cyberattacks rose last year, he notes, many of which targeted vulnerable and valuable credentials of work-from-home employees.

"This lets us contribute to companies who are having this [password security] problem today with their remote workforce," he says, and allows them to use it "forever," without the need to sign up for Beyond Identity's paid service.

"This is a piece of technology that solves a lot of problems, especially for SMBs [small and midsize businesses]," says Jermoluk. They don't need to manage any certificates or purchase any additional products to run it, he adds. "If you have Okta single sign-on, [for instance], you can turn [Beyond's service] on in 10 minutes," he says.

The passwordless authentication technology piece of its identity platform service is now available at no cost for organizations to connect to their single sign-on apps to eliminate passwords, and for website or app providers to offer to visitors or customers of their sites or apps.

Even so, Jermoluk emphasizes that the free version is not its "full-on product," but it does allow organizations to remove passwords and the associated risks that the aging authentication model brings. He says the goal is to usher in the passwordless era, where credentials aren't so easily and readily targeted and used to breach organizations and steal data.

Richard Stiennon, chief research analyst at IT-Harvest, says Beyond Identity's freebie offering makes sense and jibes with the co-founders' roots. "The audacity of releasing a free product makes me take a breath: It reminds me of Netscape back in the halcyon days of the Internet bubble," he notes, in a nod to Clark's doing the same with the early Web browser. "This move should not have been a surprise. Also, it is what is required when there are so many identity solutions out there -- 309 by my count."

Beyond Identity's advanced, or paid-tier, service includes authentication features that drill down on a device's security posture details and data; continuous authentication and risk policy enforcement; integration with mobile device management and endpoint detection and response (EDR) tools; integration with identity management, security, and compliance tools; compliance reporting features; and 24/7 support.

Cloud-based data platform provider Snowflake recently rolled out Beyond Identity's full product service to its thousands of employees for its business applications, including Gmail, Slack, and Salesforce. The company has no on-premise servers: Its IT environment is mainly Microsoft Azure and AWS, as well as SaaS apps, notes Mario Duarte, vice president of security at Snowflake.

Beyond Identity's passwordless service replaced Snowflake's password management tool and integrates with its Okta IDP. "It sits in front of Okta, and [Beyond Identity] takes care of authentication," Duarte says. Okta trusts Beyond Identity to confirm the user logging in is who they say they are, he adds.

Snowflake has requested that Beyond Identity add a couple of new features, including one that allows them to sign code. When a programmer writes code and uploads it to GitHub or another code repository, Beyond Identity would allow that person to "sign" the code to authenticate that it came from that programmer, he notes. Duarte says he thinks Beyond Identity will add that feature sometime in the first quarter of this year.

Whether Beyond Identity's freemium offer helps move the needle toward eradicating passwords is unclear. Security experts say passwords aren't likely to die anytime soon.

The company plans to add a consumer-level service that e-commerce or other organizations, such as gaming, insurance, or medical practices, can offer to their clients and customers, where there's no single sign-on like Okta sitting in the middle, Jermoluk says.

"So anyone delivering a service function or app can offer a passwordless credential system," he says.

Meanwhile, Beyond Identity recently raised a $75 million Series B funding round, bringing its total investment to $105 million.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...