Concept: Manhattan-based Transmit Security offering customer and workforce identity and access management solutions launched BindID to offer a password-less security landscape. The app-less mobile authenticator can help software developers authenticate users with the same biometrics registered to their mobile devices.

Nature of Disruption: Leveraging BindID, developers can deploy “login with mobile” button at the top of websites. Upon tapping that button, it calls BindID using OpenID Connect (OIDC), an identity layer architected on top of the OAuth 2.0 protocol. It pops up a QR code, which the user scans with their smartphone to open a web browser that supplicates the device’s predefined biometrics. However, the user must register each online account with BindID for the first time they approach an online service. Upon initially accessing a BindID embedded website, they must provide their login credentials to register their biometrics. Post that, they don’t have to provide any further credentials while accessing that online service on any device. BindID also functions on mobile phones, either in a browser or a native app. It requires configuration in other environments as in call centers. An interactive voice response (IVR) could request a caller to identify themselves using biometrics by providing an SMS link. It would then scrutinize their device’s biometric authentication capabilities to notify the call center about the user’s authenticity.

Outlook: Since biometric data is unique to individual users, biometric authentication is generally more secure than conventional forms of multi-factor authentication. Transmit Security anticipates BindID to be initially adopted by consumer-facing services searching for an easier way to incorporate biometric authentication technologies into their software, but the company is planning to reach a wider market. BindID is currently being tested by some major Fortune 100 companies.

This article was originally published in