Badge Inc., the award-winning privacy company enabling Identity without Secrets™, today announced a partnership with Cisco Duo to revolutionize Multifactor Authentication (MFA) with the industry’s first hardware-independent roaming MFA solution. With this unique integration, Duo and Badge are setting new standards for what’s possible in secure, efficient, and user-friendly identity and authentication solutions.
Cisco Duo’s blog post announcing the new Badge and Duo integration says, “Badge helps Duo strengthen its security posture with a seamless MFA experience that’s both portable and resistant to phishing, while also enabling a truly passwordless user experience.” The piece explains that MFA is an important security tool to combat unauthorized account access; however, it is not infallible. Traditional hardware-based MFA is high friction, can disrupt operations, and the resulting employee workarounds significantly increase the attack surface for security breaches.
Additionally, the two-factor authentication (2FA) market is becoming increasingly commoditized with the service now being included in popular applications from large technology providers. In the last year, 16 billion authentications passed through Cisco’s Duo Authenticator product, the vast majority of which are virtual and remote desktop authentications requiring users to be in possession of a second device, which is not always available or allowed depending on the environment. This has created a large, unsolved market need that Badge is uniquely positioned to address. As Ginger Leishman, Cisco Duo Technology Partnerships Manager, explained: “This reliance on specific hardware, called device dependency, is a pain for user experience and impacts security when users are forced into fallback authentication flows. With Badge, the device dependency is gone — people are their own roots of trust, rather than just a device or token.”
Badge enables Cisco Duo to unlock new identity and authentication use cases while reducing friction and enabling seamless, passwordless enrollment using verifiable credentials (VCs). Badge leverages the initial identity verification (IDV) enrollment, and from there the user can authenticate to access this credential anywhere, anytime, on any device. There is no need for repeat IDVs throughout the user lifetime journey, which reduces user frustration and increases cost-effectiveness for Cisco Duo.
“With Badge’s novel privacy-preserving authentication, Cisco Duo users can access any device or application without storing user secrets or private keys,” stated Dr. Tina P Srivastava, Co-Founder of Badge. “This eliminates the friction and cost burdens associated with traditional MFA methods like tokens and repeated phone re-registration. Additionally, by removing reliance on physical devices and insecure account recovery processes, Badge and Duo are raising the bar, making it harder for attackers to gain unauthorized access.”
As Cisco Duo posted in their blog, when users are in device-not-present situations, like when a mobile phone required for an MFA push is lost, broken, or unavailable, the fallback is usually a phishable, high-friction account recovery process. Not only is this bad for the user experience, but it’s bad for security too – as account recovery is increasingly becoming the front door for attackers and phishing. Recent high-profile attacks in healthcare and entertainment demonstrate this growing threat. In the piece, “Badge Integration with Cisco Duo Delivers Unique Hardware-less MFA Experience,” Cisco Duo’s blog points out that Badge eliminates disruptions and the need for account recovery, significantly reducing the risk of fraud.
“Duo can also operate as a certified passkey provider leveraging Badge, extending the password-less capabilities of Duo,” said Ginger Leishman, Technology Partnerships Manager, Cisco Duo. “Unlike other passkey models, the Badge integration with Duo does not require users to cede trust of their key trees or login credentials to a centralized authority.”
She also expanded on how Duo users leveraging the Badge passkey implementation benefit from a trust model where users can establish key provenance and maintain control over their authentication keys, enhancing security and privacy. With Badge, users enroll once, and may access their passkeys on any device (including across Apple, Microsoft and Google ecosystems).
With today’s announcement, Cisco becomes the latest member of Badge’s partner network, which also includes marquee identity partners, Okta/Auth0, Radiant Logic and Ping Identity.