11 Aug

3 Min read

Nok Nok at the White House

August 11, 2023 Nok Nok News 0 comments

Discussion on how the Federal government can support and benefit from advances in phishing-resistant authentication.

Matt Lourie, Sr. Director of Engineering

Last month, Nok Nok Labs attended the White House Multifactor Authentication (MFA) Modernization Symposium. This event brought together government and industry leaders to discuss how to achieve full adoption of MFA across federal agencies, as called for in the Executive Order on Improving the Nation’s Cybersecurity.

Many government agencies currently rely on Personal Identity Verification (PIV) and Common Access (CAC) cards for employee authentication. However, these smart cards are not always convenient for remote access and everyday use. Connecting to a separate card reader can negatively impact user experience. As Deputy National Security Advisor Anne Neuberger noted, government policies should not create barriers to MFA adoption.

There was broad consensus among participants at the symposium that to fully implement MFA, the government needs to move beyond legacy technologies and embrace advanced standards like passkeys. Passkeys are a modern type of credential that can help government agencies finally achieve comprehensive MFA deployment. With passkeys, users authenticate using a cryptographic key pair stored on their device, rather than typing in a password, providing phishing-resistant security without the usability drawbacks of traditional second factors. Passkeys are already supported across major platforms and browsers and can be bound to a single device or synced across multiple devices, making them a practical path to securing access for employees, contractors, and citizens across all applications and environments.

It is clear that the transition to full MFA adoption will take thoughtful planning and cannot happen overnight. With over a decade of experience in authentication and as a founding member of the FIDO Alliance, Nok Nok Labs is well prepared to assist agencies throughout this process of transitioning to full MFA adoption. We understand the unique needs of the government and have solutions to deliver robust security and usability at scale.

While modernizing authentication is no small task, the White House symposium reiterated that it must be a priority if we are to defend our digital infrastructure in today’s threat environment. Public-private collaboration will be key to overcoming roadblocks on the path ahead. Nok Nok Labs looks forward to continuing to work with our partners across government as we chart the course to a passwordless future and a more secure online experience.

23 Jun

1 Min read

Cyber Hero Series – It’s a bird, it’s a plane, it’s Tushar!

June 23, 2023 Nok Nok News 0 comments

This week’s blockbuster premiere is a comedy, drama and a romance all wrapped in one with one of the perennial favorite actors, Tom Hanks – “Asteroid City.” And as is the case with any movie written and directed by Wes Anderson – there is a mix of styles and different time periods.

In today’s edition of the Cyber Hero Origins series, our second digital comic, we go back in time a little and look at how our Cyber Hero Tushar Phondge has spent a career eradicating passwords, working toward putting into the hands of individuals – not big companies – the control over the types of personal information that is shared. His mission – self-sovereign identity.

Nok Nok says THANK YOU, Tushar, for learning as a boy how to tinker with cars and applying that same passion to cyber security – evangelizing and implementing FIDO-based passwordless authentication solutions along the way.

13 Apr

7 Min read

Nok Nok Expands S3 Authentication Suite

April 13, 2023 Nok Nok News 0 comments

Nok Nok Expands S3 Authentication Suite to Meet the Needs of Government, Regulated, Payment, and E-Commerce Organizations

New capabilities include regulatory compliance and risk management, synced passkeys, secure payment confirmation, and more

San Jose, CA – April 13, 2023 – Nok Nok , a leader in passwordless authentication for the world’s largest organizations, today announced the latest release of the Nok Nok™ S3 Authentication Suite (S3 Suite) that delivers four new capabilities designed to meet the needs of regulated industries, payments markets, and e-commerce organizations. For government organizations or highly regulated industries such as healthcare, finance, and insurance, the new offering simplifies the ability to comply with security and regulatory requirements, including identifying known and unknown devices. Additional new features help e-commerce organizations reduce friction for consumers. Payment companies will also benefit with new features in the S3 Suite that address Secure Payment Confirmation (SPC) for approving high value financial transactions in web browsers.

With the increasing rise in cyber threats, security professionals are faced with heightened complexity. Not only are they navigating how to implement best practices and respond to federal mandates as they develop, but they also must be responsive to their own users and consumers without preventing their access to services or causing user friction. Organizations that are highly regulated industries are also under enormous pressure and must be prepared to respond to and comply with government and industry regulations. The Nok Nok S3 Suite leverages a wide range of authenticators, including biometric and non-biometric modalities to help meet regulatory compliance, address NIST SP800-63 and SP800-157 standards, and support various authentication needs. By integrating with an organization’s security solutions, the S3 Suite provides additional contextual information and leverages scores provided by external risk engines and behavioral biometric systems.

“The war against cyber criminals has not let up and the job of being a security professional continues to be more difficult as new mandates from the White House have been added to the list of compliance requirements. And if you are an international organization, EU and Asia requirements add to the compliance complexity. We are excited to address these compliance needs and broaden the reach of our technology into these regulated markets. Organizations operating in finance, enterprise, e-commerce and government are up against increased pressure to comply and regulation is only expected to become more stringent in the years to come,” said Phil Dunkelberger, CEO of Nok Nok. “We co-founded the FIDO Alliance to make it easier to implement strong, passwordless authentication solutions for consumers and enterprises. Now, we are expanding our offering to companies in key regulated sectors that need to be able to quickly and efficiently respond to the evolving regulations coming from the US and foreign governments.”

New government and regulated industry support includes:

Passkeys. With the rise in adoption of synced passkeys, regulated organizations need to be able to understand whether users are using their passkey with a known device or on a new device. When new devices are introduced for the first time, regulated organizations typically need to trigger additional verification steps to ensure the device belongs to the legitimate user. With the Nok Nok S3 Suite v9, organizations can easily configure authentication rules that detect the use of new devices and configure methods in order to verify whether the device is used by the legitimate user.
Support for Security Key Tracking and Inventory. New capabilities allow organizations in highly regulated industries such as healthcare, insurance and banking, to monitor and track users that are using the security key(s) they were given by their employer. With these new product features, organizations can “attest” that a user is using the security key they were issued – not a third party key – and meet security and regulatory requirements.

New E-Commerce and Consumer support includes:

Synced passkeys. Asking users to provide a password reduces enrollment conversion rates and requiring a password at checkout negatively impacts the checkout conversion. Today’s release of the S3 Suite with synced passkey features allows consumers from any of their devices to access e-commerce sites by easily signing in using biometrics instead of using a password. Additionally, the synced passkey feature enables merchants to reduce friction at sign-up, making it easier to engage personally with the customer, enroll them in loyalty programs, automate billing, and collect specific data which has become more difficult with 3rd party cookies being deprecated.

New Payment support includes:

Secure Payment Confirmation. While today’s strong customer authentication two-step-verification is more secure, it is still perceived as inconvenient to the consumer. The introduction of W3C Secure Payment Confirmation (SPC) into the S3 platform is similar to integrating a POS terminal into your browser that allows the user to use device biometrics instead of a card and (one-time) PIN. Support for SPC has been added to the EMVCo 3D Secure specification that is widely used for online card payments. For customers in the buying process, SPC dramatically cuts down on friction. This new SPC method extends the existing transaction confirmation capabilities of the Nok Nok S3 Suite making it the first choice for banks, payment service providers, and e-commerce merchants intending to implement delegated authentication.

“We have heard it said many times, removing passwords can improve time and effort spent handling password resets and account lockouts ; it reduces friction and improves the user experience, and it can drastically reduce risk,” said Jack Poller, senior analyst Enterprise Strategy Group. “As easy as it sounds, the complexity of replacing passwords while still staying compliant in regulated industries or meeting government regulations can be very complicated. Leveraging its history delivering FIDO-based strong authentication into enterprise and consumer markets, Nok Nok rolls out a set of capabilities that will ease the replacement of passwords in some of the most demanding environments. IT and security operations are trying to handle increased complexity in their environments every day; standards-based, passkey solutions should be high on their lists for first defense.”

The Nok Nok S3 Authentication Suite includes an Authentication Server and App SDKs for mobile, web and smartwatch applications. It leverages the security capabilities already present on a user’s device to bring strong and convenient authentication to any application. The S3 Suite enables organizations to easily turn a user’s device into a strong, multi-factor authentication method through support for all FIDO protocols, including passkeys.

With the S3 Suite’s rich set of capabilities, organizations can support the full customer lifecycle from frictionless on-boarding, progressive profiling, easy bootstrapping of new devices, account recovery, suspension and deprovisioning of users, to call center authentication support.

Press assets:

Learn more about the latest Nok Nok Authentication S3 Suite.

About Nok Nok

Nok Nok is a leader in passwordless customer authentication and delivers the most innovative FIDO (Fast IDentity Online) solutions for the authentication market today. Nok Nok empowers organizations to dramatically improve their user experience and security, and reduce operating expenses, while enabling compliance with the most rigorous privacy and regulatory requirements. The Nok Nok™ S3 Authentication Suite integrates into existing security environments to deliver proven, FIDO-enabled passwordless customer authentication. As a founder of the FIDO Alliance and an innovator of FIDO standards, Nok Nok is an expert in next-level, multi-factor authentication. Nok Nok’s global customers and partners include AFLAC Japan, BBVA, Carahsoft, Fujitsu Limited, Hitachi, Intuit, Mastercard, MUFG Bank, NTT DATA, NTT DOCOMO, Standard Bank, T-Mobile, and Verizon.

For more information, https://noknok.com/.

17 Feb

1 Min read

Nok Nok Featured on Keen On

February 17, 2023 Nok Nok News 0 comments

Nok Nok on KEEN ON. When Will Silicon Valley Fix its Annoying Password Problem? Nok Nok’s Phillip Dunkelberger on digital technology that might finally kill the online password as featured on the KEEN ON podcast with Andrew Keen. In this KEEN ON episode, Andrew Keen talks to Nok Nok CEO Phillip Dunkelberger on digital technology that, he promises, will finally kill the online password.

View more KEEN ON content here and enjoy additional Nok Nok Videos here.

25 Jan

3 Min read

Cross-Device Authentication

January 25, 2023 Nok Nok News 0 comments

Welcome to the Nok Nok Video Learning Series. We will look into passwordless authentication, one of the cool new technologies to make authentication more convenient, and more secure. Our focus today are Cross-Device Authentication user experiences. In the previous video, we created a passkey on a smartphone. In this video, we will see how we can authenticate a session on a laptop with this passkey.

A recent development is the Multi-Device Credential. In our previous video we created such a Multi-Device Credential on a smartphone. This credential is a kind of passkey that can be backed up from one device and stored to another. In practice, this is often enabled using trusted cloud services such as Icloud Keychain. This passkey was automatically restored to my laptop. Now I can use this passkey in my laptop to securely sign in without a password. This credential sync works across devices on the same device family. For example, all my Apple devices today. Other platforms are in the process of adding this feature as well.

There is another approach that works across device families. For example, to use a passkey on your smartphone to authenticate your laptop session. This approach lets you use your smartphone as a security key with the passkey remaining on the smartphone but being used by your laptop. To securely bind your smartphone and laptop, typically you scan a QR code shown on the laptop. Then the smartphone and laptop communicate over BLE to ensure physical proximity. Some smartphones remember the QR code binding and don’t require it for subsequent authentications.

Here is a third cross-device authentication method. This is an Out-of-Band method that works across all device families even smart TVs and similar devices. While it doesn’t verify the physical proximity of the two devices, it requires no special support in the primary device. A QR code is displayed on the primary device and scanned by your smartphone. This invokes the passkey on your smartphone to authenticate the session on the primary device.

Our last cross-device authentication method in this video is Push-Out-Of-Band. This method, like the previous one, doesn’t verify device proximity. And it works across all device families without special support in the primary device. You enter your user name on the primary device and the server sends a notification to your smartphone. This triggers the use of your passkey and authenticates the session on the primary device.

We have shown the user experience of major passwordless-flows using one of our DEMO applications. Nok Nok’s next generation platform allows you to easily implement and deploy passwordless authentication to internet scale. This helps you to improve the customer experience, reduce fraud and operating costs, and enable your organization to be passwordless.

23 Jan

2 Min read

Same-Device User Experience

January 23, 2023 Nok Nok News 0 comments

Welcome to the Nok Nok Video Learning Series. We will look into passwordless authentication, one of the cool new technologies to make authentication more convenient, and more secure. Our focus today is the Same-Device User Experience. To onboard new users, you can ask fewer questions providing a simpler experience for accessing your digital services, called progressive profiling. This can be done on any device for web apps and native apps. In this device, we use a web app on IOS using the Safari browser. We ask the user to register a passkey even before we run an identity verification process. So the user can resume the sign up process at any time in the case of hiccups.

In practice, banks will run a document-centric ID proofing process. But for simplicity in this demo, we only use a simple email OTP binding. Behind the scenes the user is bound to the device with a FIDO passkey, turning devices into a possession factor. Your user can then sign in securely and easily the next time. This improves the authentication success rate and reduces the authentication time. The passkey credential is shared on the same device making it seamless to switch between web apps and native apps. As a result, the Same-Device User Experience has the same convenient and phishing-resistant authentication experience in the browser and the native app on the same device. In our next video, we will focus on the Cross-Device Authentication Experience.

12 Jan

1 Min read

Customers Don’t Need a Password

January 12, 2023 Nok Nok News 0 comments

In this video, we discuss how your customers don’t need a password with a passwordless authentication solution from Nok Nok. Eighty percent of all cybercrime starts with stolen passwords. Beyond that your customers hate passwords, forget passwords, and use up your valuable resources to reset passwords. But with Nok Nok’s solutions, your customers don’t need a password. That’s because Nok Nok provides passwordless authentication, including expert support for passkeys, that allows customers to easily and securely access your services. That saves time, saves money, and improves the trust your customers have placed in your brand. Choose the company with the largest banks, telcos, and financial services trust to protect their customers. Choose Nok Nok, the global leader in passwordless authentication.

Connect with us on Linked IN

Schedule a Free Learning Session

23 Jun

3 Min read

Learn More About Passwordless Authentication With This Master Class

June 23, 2022 Nok Nok News 0 comments

More businesses are seeing both the convenience and cost benefits of integrating devices and data and cloud-based application and storage systems. After all, if an employee working abroad needs to access data, it’s more efficient to be able to do so from a smartphone with access to an online database than it would be for that employee to have to return to the home office and access the data from their own desktop computer. However, this convenience means that there needs to be more consideration for cybersecurity, which can be a serious vulnerability for many companies.

If you’d like to learn more about how authentication failures affect businesses and how passwordless authentication can overcome these challenges, register for a free Live Masterclass Webinar:

Topic: The Cost Of Password Authentication Failures

Day: Tuesday, June 28

Time: 2:00 pm, EDT

Topic: The Cost Of Password Authentication Failures

Panelists:

Jim Delli Santi: VP Marketing/Strategy Nok Nok Labs

Phil Dunkelberger: President/CEO Nok Nok Labs

Larry Ponemon: Founder/Chairman Ponemon Institute

Attend this webinar and learn to balance strong security with ease of accessibility.

Older Security Is Vulnerable Security

Cybersecurity is only as robust as the people willing to follow its guidelines, which is where passwords, one of the oldest security measures, can fail. Current recommendations for passwords are that they are “strong,” which often means a long string of 8-16 randomly selected alphanumeric characters, making it almost statistically impossible to guess.

However, this recommendation can be difficult to follow since it also means passwords that are challenging to remember. Some will ignore the guidance in favor of easy-to-remember passwords, such as names, phrases, or other mnemonic triggers, which are also easy to guess.

Disruptive Consequences

Authentication disruption can occur on both sides of a business. A client or customer that ignores protocol can have weak passwords stolen or compromised. This can result in losing account control, sometimes funds, and eventually, trust in the company.

However, enforcing a strong password protocol can also result in customer loss. Hard-to-remember strong passwords can sometimes result in multiple log-in failures or even be so difficult they discourage clients and convince them to take their business elsewhere where protocols are less stringent and more vulnerable.

The Financial Consequences

Another area where cybersecurity disruptions can have a significant negative impact is work efficiency. Disruptions can be as minor as a build-up of inefficiencies or outright failure due to security disruptions. On the most extreme end, however, criminal activity like “ransomware” can lock users out of their data until money is paid to the hackers to revert control.

21 Oct

1 Min read

Meet Nok Nok at Money 20/20 Las Vegas

October 21, 2021 Nok Nok News 0 comments

Nok Nok is at Money 20/20 in Las Vegas from October 24 through October 27, 2021. If you are attending Money 20/20 in Las Vegas, this is your opportunity to experience a demo of just how easy a completely passwordless experience can be across any application, and on any device at the Nok Nok booth (#2428). You will also learn how the Nok Nok S3 Authentication Platform can vastly improve your customer onboarding, sign-in, and payment transaction success rates all while dramatically reducing your threat surface.

Over a decade ago, Nok Nok was one of the inventors of the FIDO Standards LINK, that are now being deployed in virtually every operating system in every type of consumer endpoint device today – including bank cards and credit cards LINK.

Nok Nok customers have accelerated success in their digital transformation initiatives with passwordless implementations worldwide and scaling well into the hundreds of millions of users. Click HERE if you would like to learn more or schedule a meeting when you visit Nok Nok at Money 20/20 in Las Vegas.

Contact Us

Latest Posts

Navigation

About Us

Recent posts

Missing the Forest for the Trees

Nok Nok’s FedRAMP High Journey: Next Step in Federal Cybersecurity