No Phishing
Nearly 1 out of 3 data breaches involved phishing last year and phishing attacks in total increased by 65%. Trend Micro expects Business Email Compromise (BEC) attacks (phishing) to result in $9 billion of losses for businesses in 2018. IDEE’s Web Login prevents phishing because there are no credentials to be phished.
No Account Takeover
With account takeover, an attacker could change the password to lock the user out and then perform fraudulent actions such as making payments. With IDEE, it is impossible to hijack a user account without physical access to the user device and the strong factor used to protect access to the device. There are no credentials stored on servers or known to the user that attackers can obtain or phish.
Prevents the use of fake identity
New online accounts created from stolen identities can cause devastating damages to companies and individuals. When a user uses IDEE’s Instant Sign-Up or Instant Checkout to sign-up for a service provider, the existing KYC is cryptographically signed and sent from the data provider to the service provider. Thus, the service provider can be sure that this new account is created from a trustworthy source by a real user
No Formjacking / Malware recording input
Entering credentials manually opens your system to threats such as Malware recording the input. Attacks such as formjacking and keylogging increased and formjacking surpassed ransomware and cryptojacking as the top threat in 2018. With IDEE there is no manual data entry, no usernames and no passwords, so no Malware can record your login credentials.
Privileged account abuse prevention
Most systems can be easily bypassed with admin privileges. With IDEE’s admin bypass protection, service providers can check if the request was really initiated by the user. Attackers with admin privileges on IDEE’s servers cannot bypass, alter and / or influence access to a user account.
Always uses strong authentication
According to Microsoft, customers can cut their risk of account compromise by 99% by enabling MFA. With IDEE every authentication uses at least 2 factors e.g. biometric and possession of your phone. This ensures strong authentication with every interaction. When logging in with a QR code, it is additionally guaranteed that the user is actually in front of the device.
Defense-in-depth
Unlike other authentication solutions IDEE provides a verifiable assurance of the authenticated user to the service provider as part of the authentication response. This is an additional assurance to the service provider of the integrity, non-repudiation and provenance of the authentication.
No login credentials on servers
More than 1.16 billion email addresses and passwords were exposed in 2019. With IDEE, login credentials aren’t stored centrally. This means login credentials cannot be stolen from the service providers server even if there’s a breach. This also means that login credentials do not need to be changed when a breach happens.
End-to-end protection
Every communication is protected with end-to-end encryption, so eavesdropping is not possible.
No shared secrets. No tokens. No SMS codes.
OTPs and SMS codes can be phished through attacks such as real time phishing, hijacked and/or stolen from the service providers backend. With IDEE there are no shared secrets, tokens and SMS codes as used by other identity providers to patch passwords.
Based on proven and trusted technology
IDEE leverages public key cryptography and hardware-based trusted execution environment such as secure element/secure enclave and trusted platform module to establish and secure the user identity and authentication factors.
Remote logout from services
With IDEE, users can log out from their services remotely. This prevents unintended information disclosure and increases security.
