EY StartUp Talk with Secfense and BNP Paribas Poland

Highlights from the EY StartUp Talk with Secfense & BNP Paribas Poland

EY StartUp Talk

EY StartUp Talk is a periodic program organized by EY Poland as part of the EYnovation program. Leading technology companies and organizations that have implemented innovative solutions are invited to the podcast, which has been running since 2018. Invited guests tell how new technologies affect the development of organizations.

Secfense, as an innovative technology company, was invited to the EY StartUp Talk with its client the bank BNP Paribas Poland. The program featured Leszek Zalewski, senior security architect in the cyber security team of BNP Paribas Poland, and Tomasz Kowalski, CEO of Secfense. The program was hosted by Michał Piętka – EYnovation Leader. The entire episode titled EY StartUp Talk: Multi-Factor Authentication (MFA) – a direction of change or a real need of today? can be listened to on EY’s website. Below are some selected excerpts from the podcast.

Why did the bank BNP Paribas Poland choose Secfense?

Michal Piętka: All right, this certainly won’t be much of a surprise but, the Secfense solution has been implemented in your bank. What important or what benefits does working with a company like Secfense bring to your organization?

Leszek Zalewski: Secfense’s product is interesting enough to enable us to implement multi-factor authentication in legacy applications, that is, applications we have had in our infrastructure for a long time. What Tomek mentioned is that some of the applications we use daily are offered in the SaaS model and already have the option to use an additional authentication component. These applications, however, are developed on an ongoing basis. A bank, especially a bank like ours that has been growing for many years through the acquisition of other banks, has a portfolio of internal applications, and a lot of these applications are no longer being developed on an ongoing basis. They are in an archival formula to provide access to information that will be, according to legal requirements, necessary for many, many years to come and may be written in technologies that are no longer being developed. Secfense’s product can allow us to implement multi-factor authentication even in these applications. And thanks to that, we don’t have to invest in the development of these applications and raise the security level significantly without a huge investment in the very limited resources of application developers.

click CC for English subtitles

Is Secfense necessary if I already have Windows Hello?

Michal Piętka: All right, I’ll try to surprise you with my question. Windows Hello… Why would companies choose to implement your solution when Windows 10 equipped computers already have this functionality, Windows Hello?

Tomasz Kowalski: Windows Hello is a part of the ecosystem that comes with Windows itself. Many users don’t even realize that such a component is there. Windows Hello is used to help you log in securely to your workstation. Well, that’s basically where the adventure with Windows Hello may end. Because while we log in securely to our workstation we still use applications that someone can try to log into from the outside. So it’s at the application that you have to build mechanisms that can take advantage of what you already have and let in that user who has authenticated once at their workstation, for example. So to put it simply, we are building a solution that can take this local authentication from the workstation to the entire ecosystem of our applications in the company.

Michal Piętka: So, to sum it up in one word – Windows Hello in no way precludes the need and possibility of a Secfense solution.

Tomasz Kowalski: Yes, because (Windows Hello) is one component of strong authentication, while Secfense is a platform that allows you to use any component. Today we are talking about Windows Hello on the computer, we can talk about the biometric mechanisms on the phone. It doesn’t matter, it’s just this component that is the second factor that we authenticate ourselves with, the additional component. Secfense, on the other hand, is the kind of platform that can use this very component to make it just as secure to log in to any corporate application.

click CC for English subtitles

Why is passwordless the future of authentication?

Leszek Zalewski: The passwordless approach and the abandonment of passwords is the direction of the future, not only according to us but also according to the major players in the market. For instance, Apple, at the recent launch of its new operating system for iPhones revealed a new feature they would like to promote, which will involve giving up passwords when interacting with various applications on the Internet. This, from our perspective, is also the direction we would like to go internally. Tomek mentioned passwords that can be unchanged. I would add a simple reuse of passwords where as humans, we are comfortable and have a problem remembering many different passwords and do not follow recommendations such as using different passwords in each application, especially between private and business life. The elimination of passwords from our lives will certainly make it easier to increase our security.

click CC for English subtitles

How to choose a cyber security provider?

Michal Piętka: What factors determine which technology provider we should opt for?

Leszek Zalewski: This is, in my opinion, a very complicated question and hard to answer in one sentence. There are a lot of large companies on the market that have been providing cyber security solutions for years. There are also a great many startups that are much more flexible and deliver their products more targeted to specific niches that may be lacking in the market, and this is a difficult task. We, as a bank, are fortunate to have a team of people who can take care of verifying the available solutions and checking whether these solutions fit our needs, and verifying that the promised functionalities really coincide with what is in the advertising leaflets.

click CC for English subtitles

How often does an employee use 2FA during the day?

Leszek Zalewski: The frequency of necessary re-authentication and use of the second component mainly depends on the sensitivity of the data that the application contains. If the application contains data that is not often modified and does not involve financial data or confidential data of our customers is in a slightly smaller interval. At the moment when we are talking about applications that can handle transactions, it is already a slightly different requirement for security, and here it is much more common. But we have tried to balance safety in use with usability, and I think that so far our employees are satisfied with what we have achieved.

click CC for English subtitles

What does 2FA onboarding look like in a large organization?

Leszek Zalewski: In this case, it is so that it is a little broader than a single communication. We are constantly trying to raise the level of IT security knowledge among our employees on an ongoing basis. Not only among IT staff but especially among employees who have contact with the customer, who, if anything, can also warn the customer of the risks to which he or she may be exposed. As for the implementation of the application itself here, we did some awareness-raising, and of course, we didn’t do it with one big storm of new notifications but rather approached it in such a way that the implementation of multi-component authentication was introduced slowly on successive applications with different sensitivities and each time the information was dedicated to only those employees who will be affected, because I believe that over-saturating with messages only results in emails or notifications going to the trash and not being read. That’s why we also wanted to approach it in such a way as to limit the number of communications, as well as to arrange for employees to ask questions. If they are curious about this solution or have any doubts. For a long time, we talked with the owners of the products that will be affected by the implementation of the new solutions and also listened to their comments and objections. Also, here, we had great support from Tomek and his team in that they listened very carefully to our comments suggestions and very quickly made modifications to the product, which it seems to me was with benefit not only for us but also for the quality of their product.

click CC for English subtitles

Antoni takes care of all the marketing content that comes from Secfense. Read More


We are faced with new challenges every day. We must always be one step ahead of the attackers and know what they are going to do before they do it. We are convinced that the User Access Security Broker will bring security to a new level, both for those working at the office and from home. For us, working with Secfense is an opportunity to exchange experience with developers who put great value on out-of-the-box thinking.

Krzysztof Słotwiński

Business Continuity and Computer Security Officer

BNP Paribas Bank Poland

As part of the pre-implementation analysis, we verified that users utilize a wide range of client platforms: desktop computers, laptops, tablets, smartphones, and traditional mobile phones. Each of these devices differs in technological advancement, features, and level of security. Because of this, and also due to the recommendation of the Polish Financial Supervision Authority (UKNF), we decided to introduce additional protection in the form of multi-factor authentication mechanisms based on FIDO. As a result, users of our applications can log in safely, avoiding common cyber threats such as phishing, account takeover, and theft of their own and their clients’ data.

Marcin Bobruk



We are excited to partner with Secfense to enhance our user access security for our web apps. By integrating their User Access Security Broker, we ensure seamless and secure protection for our applications and systems, delivering superior security and convenience to our customers.

Charm Abeywardana

IT & Infrastructure

Visium Networks

Before investing in Secfense, we had the opportunity to talk to its existing clients. Their reactions were unanimous: wow, it’s so easy to use. We were particularly impressed by the fact that implementing their solution does not require the involvement of IT developers. It gives Secfense a huge advantage over the competition, and at the same time opens the door to potential customers who so far were afraid of changes related to the implementation of multi-factor authentication solutions.

Mateusz Bodio

Managing Director


Even when the network and infrastructure are secured enough, social engineering and passwords can be used to gain control of the system by attackers. Multifactor authentication is the current trend. Secfense addresses this and allows you to build zero trust security and upgrade your current systems to passwordless applications within minutes, solving this problem right away,” said Eduard Kučera, Partner at Presto Ventures and cybersecurity expert – former Director in hugely successful Czech multinational cyber security firm Avast.

Eduard Kučera


Presto Ventures

One of the biggest challenges the world is facing today is securing our identity online. That’s why we were so keen to have Secfense in our portfolio. They make it possible to introduce strong authentication in an automated way. Until now, organizations had to selectively protect applications because the deployment of new technology was very hard, or even impossible. With Secfense, the implementation of multi-factor authentication is no longer a problem, and all organizations can use the highest standards of authentication security.

Stanislav Ivanov

Founding Partner

Tera Ventures

Two-factor authentication is known to be one of the best ways to protect against phishing; however, its implementation has always been difficult. Secfense helped us solve that problem. With their security broker, we were able to introduce various 2FA methods on our web applications at once.

Dariusz Pitala

Head of IT