With the pandemic-driven proliferation of QR codes throughout day-to-day life in Western countries, including in sensitive applications like accessing medical records, cyber threat actors have predictably started to take advantage of the QR code scanning process. A wave of QR-related phishing attacks hit over the summer of 2022, with a good amount of media coverage following each detected instance.
User identities are at risk.
Digital transformation has been in overdrive in recent years with financial institutions rapidly adapting to consumer behavior changes, which have largely shifted from offline to online transactions. Simultaneously, enterprises continue to accelerate migration to the cloud to manage millions of digital identities across complex environments.
This paradigm shift coupled with unprecedented growth in digital activity has seen a corresponding increase in intensity and regularity of identity theft, fraud, and data breaches on a daily basis. Specifically, account takeover (ATO) fraud involving bots, phishing, social engineering, credential stuffing, and brute-force attacks to infiltrate systems to compromise user accounts is on a sharp increase.
Keyri, the QR code-based passwordless authentication provider, announced a new integration with Ping Identity (NYSE: PING), the intelligent identity solution for the enterprise, leveraging PingOne DaVinci, a no-code identity orchestration service. The partnership will allow Ping Identity customers to transform their login experience into a one-step biometrics-based process, enabling a seamless user experience while strengthening account security.
Keyri joins a growing network of technology partners developing integrations with PingOne DaVinci through the Ping Identity Global Technology Partner Program. Partner solutions that integrate with PingOne DaVinci deliver an improved customer experience in a fraction of the time, through easy drag and drop design of digital user journeys across multiple applications and ecosystems.
Today, we are excited to publicly announce the self-serve version of our QR authentication product. With this launch, developers behind companies of all sizes and backgrounds can now use the Keyri system to add a simple and secure form of passwordless authentication to their sign up, login, and transaction verification flows.
This marks a major milestone in our mission to reshape the customer journey for a digital first economy.
Keyri is an authentication company, providing customers with a simple and secure form of passwordless MFA via QR authentication.
No one cares! That’s not true, but essentially no one cares. Bringing up user security in an organization is like walking into a sports bar and talking about statistics. It matters, probably far more than the basic arguments being made in the bar, but does anyone in that bar really want to hear about stats? No. There are, however, large analytics departments in sports just as there are large security departments in companies. I suppose you could sell a security product to a security team, but if your product touches other departments like ours does, they certainly won’t care.
After quite a bit of hard work, Keyri is now SOC 2 compliant. Some might ask, why would an early stage company go through this process? The answer is simple in our minds. We are, first and foremost, a security company and feel adhering to the most stringent security standards is important for our customers, so it’s imperative that we adhere to those ourselves as well.
What is SOC 2 Compliance?
SOC 2 specifies how organizations should manage customer data. The standard is based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, privacy.
A fully passwordless internet is a foregone conclusion. CTOs, CIOs, developers, and, most importantly, consumers are all aligned in wanting to phase out the clunky password-based authentication paradigm we have today to improve both security and user experience. What’s less clear is what the passwordless future will look like and how we’ll get there. Balancing security against ease of use, while accounting for learning curves, edge cases, and imperfect human behavior, requires a thoughtful approach to implementing innovative login mechanisms. QR login, leveraging biometrics-enabled smartphone apps with a password fallback, is the smoothest and most secure bridge for transitioning users to a fully passwordless experience.
Last week I tried to make a wire transfer. Simple enough, should have taken me two minutes. Needless to say, it didn’t. First, I pulled out my phone and logged into my banking app. It was easy – I entered my username and password once a few years ago and now I login by leveraging FaceID. It takes <1 second. I love it. Unfortunately, my bank’s mobile app doesn’t have great wire transfer functionality so I grabbed my computer to log in on desktop.
As first time founders, we’ve been heads down in product and development work and have unfortunately neglected our blog until now. It’s finally time for our first post!
We’ve learned a lot over the last year, from starting out with an authenticator app, to focusing on mobile SDKs, going through Y Combinator, and raising a seed round. We’ll do a separate blog post on our learnings, but we thought it would be helpful to first explain why we built Keyri, why we exist, and what we’re solving.