Bringing identity proofing to Symantec SiteMinder
Readers of this blog won’t need much convincing that today’s digital threat landscape is complex and formidable. Where I expect to find more skepticism is around the prospect of a quick, simple, yet powerful security upgrade to your existing infrastructure.
You’re not wrong to be skeptical.
It’s exceedingly rare for two security technologies, from two different vendors, to actually strengthen one another. Much more often the opposite is true: a lack of identity continuity allows security vulnerabilities and usability barriers to take root in the small gaps between disparate identity systems.
But that’s what makes Daon’s new partnership with Broadcom Software, and our native integration with Symantec SiteMinder, so noteworthy. It really is a fast, simple, affordable way to make SiteMinder even better at what it already does so well—protecting the applications that your business relies on.
Authentication is nice, but is it enough?
SiteMinder has always been highly effective at ensuring that only users with the right identity credentials can gain access to your applications. It manages multiple types of authentication credentials and flows, applying the appropriate mechanism to balance security and convenience.
But in today’s world of ubiquitous password breaches, intercepted OTPs, and stolen devices, there is a quite reasonable and growing level of concern around the inviolability of those very credentials.
At any point along the user journey, how are we to be sure that the identity credentials meant for “Jane” are still, and solely, in her possession?
The Strengths & Weaknesses of Multifactor Authentication
Two-factor authentication solutions like Symantec VIP that utilize multifactor credentials and contextual risk analysis are a critical step in strengthening the authentication process and providing greater confidence that users are who they claim to be.
But this classic model of authentication—including even the strongest, most secure biometric authentication factors like fingerprint authentication—has a limitation. Authenticating that a user’s fingerprint matches the fingerprint on file does not, in itself, prove that the fingerprint belongs to a legitimate user (e.g., Jane). What if the person who submitted the original reference fingerprint was not actually Jane? Or what if someone other than Jane gains access to her account through other means and then changes the reference fingerprint to match their own?
Consumer biometric authentication tools like TouchID and FaceID are plagued by this vulnerability. On an iPhone or Android phone, you can circumvent the biometric security with a simple password, then proceed in seconds to replace all the biometric reference data on that device. What seemed at first glance like robust biometric security is in fact nothing more than an elaborate password proxy.
And there’s a second problem, too.
As Katie Deighton recently wrote in The Wall Street Journal, “Consumers who use two-factor authentication are finding that changing a phone number or neglecting to write down recovery codes can leave them inadvertently locked out of online accounts.”
When authentication becomes too dependent on a trusted device, genuine SiteMinder users who lose a device, have a device stolen, or change to a new device may find themselves suddenly unable to access their SiteMinder-protected applications.
Introducing Daon Identity Proofing
Real-time identity proofing is the next step in the evolution of authentication. It requires a biometric factor (your face) that can be easily verified against a trusted source document (your government-issued photo ID)—something that’s readily available to users but that cannot be altered without detection.
With ID in hand, a user can quickly snap some photos of the document’s front and back, and then a selfie. In seconds, machine learning algorithms will verify the document, match the selfie to the document image, and use “liveness detection” to prevent spoofing with a photo or video recording. Voilà—the user is authenticated as if they’d presented their credentials to you in person, but with the convenience that digital users have come to expect from all their online interactions. What’s more, this capability can be easily integrated into your Symantec SiteMinder environment through a simple, standards-based OIDC interface.
Your Path Forward
We couldn’t be more delighted that Broadcom Software chose to partner with Daon to bring this powerful capability to SiteMinder users everywhere. Broadcom Software selected us because we’ve been the global leader in biometric identity assurance for over two decades—chosen to secure over a billion identities around the world, performing more than 250 million authentications each day, and trusted by iconic international brands like American Airlines, Hyatt, PNC, Experian, Carnival, and hundreds more.
I hope you’ll watch the short video below for some additional information, and when you’re ready, we invite you to come learn just how easy and affordable biometric identity proofing can be by visiting us here.