Seemingly every day there is a new story of credentials being phished, whether on a targeted basis or en masse. Because many people reuse credentials across multiple sites, it is virtually guaranteed that some of the almost seven billion credentials already known to be compromised will be used to access your site and services.
REL-ID slams the door shut on this risk and any exposure to credential compromise.
By most reports, anywhere from 5 billion to 7 billion credentials are already known to have been compromised. Coupled with the common user behavior of reusing credentials across multiple services, there's an excellent chance that the passwords some of your customers use for your site have been compromised elsewhere and are waiting to be tried on you.
REL-ID's strong and passwordless authentication eliminates the need for credentials, and the attendant risk they pose for you and your services. You get strong authentication and no vulnerability to credentials compromise.
REL-ID turns your customer's mobile device into the strongest, safest, and most convenient form of MFA possible.
The heart of REL-ID's security model is the generation and distribution of unique keys that have a 1:1 relationship between the user/app/device and your service at Internet scale. This key, unknown to the user, represents a massive enhancement to the traditional multi-factor authentication model of Something You Know + Something You Have. The key represents a third and much stronger factor: Something You Have But Don't Know. Because the user doesn't know what their key is, it cannot be maliciously obtained using Credential Harvesting or any of the other common types of Credential Compromise.
Every third party that plays a role in your security represents a point of disintermediation and a point of vulnerability in your architecture. Certificate Authorities (CAs) can be compromised and DNS can be poisoned, allowing someone else to spoof your services. Your CDN or VAN is explicitly allowed to be a Man-in-the-Middle (MITM) for your TLS connections, so a bad actor there can inspect every transaction to your site.
REL-ID eliminates the need for many third parties, such as CAs, in your environment. DNS poisoning becomes irrelevant since your app won't connect to a fake site. CDNs and VANs will not be able to peer into the secure channel that REL-ID establishes between you and your client.
Bottom Line: REL-ID eliminates the security exposure from any necessary third parties (e.g. DNS providers) and outright eliminates the need for many others (e.g. CAs).
With REL-ID, you can leverage your mobile app and the strong authentication we add to it as a global authenticator across every one of your channels. It doesn't matter which channel the user comes through; they can authenticate themselves with a simple approval done on a device you trust. Eliminate passwords and third-party authenticators, stop using PII, make interactions faster and more consistent, provide your customers the assurance that they are safe, and increase customer satisfaction.