Marcin Szary at State of Identity Podcast

Marcin Szary at State of Identity Podcast by Liminal

Marcin Szary, Secfense CTO and cofounder was a guest at the State of Identity Podcast hosted by Cameron D’Ambrosi from the Liminal Strategy Partners site. Here’s a brief summary of the Secfense episode. To listen to the whole thing, please visit the Liminal page.

Introduction

Ensuring secure and reliable access to digital identities is paramount in a rapidly evolving digital world. Organizations seek robust authentication solutions to protect their sensitive data as cyber threats continue rising. In a recent podcast episode of “State of Identity,” Marcin Szary, the Chief Technology Officer at Secfense, discussed the challenges of password-based authentication and the potential for passwordless solutions to revolutionize the cybersecurity landscape. This blog post delves into the key takeaways from the Liminalm podcast and explores how Secfense is differentiating itself in the crowded authentication market.

The Persistent Password Problem

Passwords have long been the standard authentication method, but their inherent vulnerabilities have made them weak in cybersecurity. Despite numerous attempts to replace passwords, they continue to persist. Marcin Szary acknowledges the recurring prophecy of the “death of passwords” and highlights how the FIDO (Fast Identity Online) alliance and open specifications may finally succeed in eliminating passwords as the primary authentication factor and pave the way for a passwordless future.

Marcin Szary at State of Identity Podcast
Marcin Szary at State of Identity Podcast

The Promise of FIDO and Passwordless Authentication

FIDO, backed by industry giants like Google, Apple, Microsoft, Visa, and MasterCard, offers an open standard for strong authentication. Szary emphasizes that FIDO’s cryptographic-based identity and the use of public key cryptography have the potential to eliminate shared secrets, enhance security, and preserve privacy. The FIDO2 specification, in particular, introduces the concept of passkeys, enabling users to create secure identities across different devices and platforms. Passkeys offer a promising path toward passwordless authentication by removing the friction associated with traditional password-based authentication.

Binding Credentials to Individuals

One of the critical aspects of passwordless authentication is securely binding the credentials to the individual. Szary emphasizes that shared secrets have always been problematic, including one-time passwords (OTP) generated by mobile apps. FIDO2 credentials, on the other hand, leverage public key cryptography, ensuring that secrets are never revealed to third parties. Additionally, FIDO2 prioritizes privacy by design, ensuring that identities cannot be traced back to specific individuals. This privacy layer is a significant advantage, allowing application owners to authenticate users without needing to know their real identities unless required for specific use cases.

Secfense’s Differentiation and Approach

Secfense distinguishes itself from other multi-factor authentication (MFA) platforms by addressing the complex authentication requirements of highly regulated enterprises. Recognizing the heterogeneity of their customers’ IT environments, Secfense provides a unified intermediary layer that complements existing infrastructure. Instead of pre-built modules or connectors, Secfense takes a zero-knowledge approach, tailoring authentication solutions based on each organization’s unique tech stack. This approach allows them to secure applications that are difficult to modify or migrate to passwordless authentication. Secfense tackles the challenge of implementing strong authentication across diverse and complex IT landscapes by focusing on enterprise customers in regulated markets.

It is difficult for me to create a single governance process and framework that my whole company can use in one place I am having a hard time figuring out the cost to increase more security measures for my applications and overall organization. 4

Conclusion

As the demand for robust authentication solutions grows, organizations must address the limitations of password-based authentication. The emergence of passwordless authentication, fueled by the FIDO alliance’s open standards, offers a promising solution. Secfense, with its innovative approach and focus on complex IT environments, is positioned to drive the adoption of passwordless authentication in highly regulated sectors. Secfense enables organizations to strengthen their security posture without extensive modifications or disruptions by providing an intermediary layer that complements existing infrastructure. As the cybersecurity landscape continues to evolve, Secfense is at the forefront, revolutionizing authentication practices and paving the way for a passwordless future.

Antoni takes care of all the marketing content that comes from Secfense. Read More

Featured Articles

Keep In Touch

Read More

Passkeys and Regulatory Compliance: Aligning with PSD2, GDPR, HIPAA, and CCPA Standards

Passkeys, developed based on the FIDO Alliance’s FIDO2 and U2F standards, are cryptographic keys designed to replace traditional passwords, providing enhanced security without the vulnerabilities…
Avatar of Antoni Sikora Antoni Sikora

READ TIME 7 MIN

How to implement 2FA without relying on mobile phones

Cybersecurity specialists working in enterprise environments are well aware of the importance of strong authentication methods like FIDO and passkeys. These technologies offer strong, phishing-resistant…
Avatar of Antoni Sikora Antoni Sikora

READ TIME 4 MIN

Managing Authentication in the Aviation

Why Does the Aviation Industry Face Authentication Challenges? The aviation industry comprises a complex network of airlines, airports, third-party suppliers, government agencies, and other stakeholders….
Avatar of Antoni Sikora Antoni Sikora

READ TIME 3 MIN

Testimonials

We are faced with new challenges every day. We must always be one step ahead of the attackers and know what they are going to do before they do it. We are convinced that the User Access Security Broker will bring security to a new level, both for those working at the office and from home. For us, working with Secfense is an opportunity to exchange experience with developers who put great value on out-of-the-box thinking.

Krzysztof Słotwiński

Business Continuity and Computer Security Officer

BNP Paribas Bank Poland

As part of the pre-implementation analysis, we verified that users utilize a wide range of client platforms: desktop computers, laptops, tablets, smartphones, and traditional mobile phones. Each of these devices differs in technological advancement, features, and level of security. Because of this, and also due to the recommendation of the Polish Financial Supervision Authority (UKNF), we decided to introduce additional protection in the form of multi-factor authentication mechanisms based on FIDO. As a result, users of our applications can log in safely, avoiding common cyber threats such as phishing, account takeover, and theft of their own and their clients’ data.

Marcin Bobruk

CEO

Sandis

We are excited to partner with Secfense to enhance our user access security for our web apps. By integrating their User Access Security Broker, we ensure seamless and secure protection for our applications and systems, delivering superior security and convenience to our customers.

Charm Abeywardana

IT & Infrastructure

Visium Networks

Before investing in Secfense, we had the opportunity to talk to its existing clients. Their reactions were unanimous: wow, it’s so easy to use. We were particularly impressed by the fact that implementing their solution does not require the involvement of IT developers. It gives Secfense a huge advantage over the competition, and at the same time opens the door to potential customers who so far were afraid of changes related to the implementation of multi-factor authentication solutions.

Mateusz Bodio

Managing Director

RKKVC

Even when the network and infrastructure are secured enough, social engineering and passwords can be used to gain control of the system by attackers. Multifactor authentication is the current trend. Secfense addresses this and allows you to build zero trust security and upgrade your current systems to passwordless applications within minutes, solving this problem right away,” said Eduard Kučera, Partner at Presto Ventures and cybersecurity expert – former Director in hugely successful Czech multinational cyber security firm Avast.

Eduard Kučera

Partner

Presto Ventures

One of the biggest challenges the world is facing today is securing our identity online. That’s why we were so keen to have Secfense in our portfolio. They make it possible to introduce strong authentication in an automated way. Until now, organizations had to selectively protect applications because the deployment of new technology was very hard, or even impossible. With Secfense, the implementation of multi-factor authentication is no longer a problem, and all organizations can use the highest standards of authentication security.

Stanislav Ivanov

Founding Partner

Tera Ventures

Two-factor authentication is known to be one of the best ways to protect against phishing; however, its implementation has always been difficult. Secfense helped us solve that problem. With their security broker, we were able to introduce various 2FA methods on our web applications at once.

Dariusz Pitala

Head of IT

MPEC S.A.