Zumigo introduces QR code for passwordless login
Zumigo launched a functionality within the Zumigo Assure Authentication product that facilitates the transfer of verified trust from a user’s mobile phone to a desktop, laptop and tablet.
The functionality is made possible with a crucial new feature – using QR code as part of the authentication process – which also enhances the product’s passwordless sign-in capabilities for secure online account access from any device.
Zumigo Assure Authentication provides the day-zero authentication for step-up security when signing up for or signing into online accounts. Through the authentication of an authorized user’s mobile number using silent authentication, and/or one-time passcodes via SMS, SMS link, voice, and now QR code, Zumigo verifies that the user is in possession of their device.
Together with the product’s cryptographic SDK capability, Zumigo improves the security of the device and accounts without relying on passwords, thereby delivering a protected and simplified consumer experience at the same time.
“Zumigo is amplifying the highly desired features of a fraud prevention solution in Assure Authentication: low false positives and low user friction,” said Chirag Bakshi, CEO of Zumigo.
“Now, with the new feature of QR code, the product – first in the industry – allows the authenticated trust of the user’s mobile identity to be transferred to their desktop, laptop, or tablet for online account access and transactions. Businesses can now enable consumers to bypass the sign-up and sign-in processes that rely on passwords while significantly reducing the risk of fraud,” added Bakshi.
This new functionality is a response to businesses that want high security in building trust with their consumers without sacrificing the frictionless customer experience. Many traditional authentication methods on their own are either high-friction, inaccurate, or easily hacked.
For example, using passwords to sign-in to online accounts or make payments is the common method, but they are vulnerable and easy to crack, accounting for over 60% of breaches due to hacking. Multi-factor authentications sent without confirming ownership of the phone number allows account takeover attacks (ATOs) to succeed. Authentications relying on IP address, anonymous IPs and VPNs are unreliable as they can be proxied.
Emails and email accounts can be easily hacked. Government ID documentation is high-friction and can be forged easily. Predictive or historic behavior data methods can be inaccurate as they don’t have access to real-time information.
These methods also cannot pass the authenticated trust from one device to the other. Users are required to sign-in or sign-up separately and repeatedly if they move from device to device, forcing users to memorize multiple passwords for security’s sake.
With this new capability, Zumigo Assure Authentication addresses these pain points and provides consumers with a frictionless, yet highly secure method of signing in to online apps and accounts across work stations.
The new QR code feature also offers a highly reliable, accurate, and a familiar way for consumers to authenticate accounts without using passwords. Zumigo partners can increase security for their consumers with a frictionless experience.
Built upon industry standards and best practices in support of National Institute of Standards and Technology (NIST) cybersecurity guidelines, Zumigo is advancing the cybersecurity domain with this launch.