Secure and simpler authentication
A next-generation of ubiquitous, phishing-resistant, strong authentication to protect the digital identity of internet users worldwide.
"Microsoft has been a preeminent advocate of FIDO Alliance's mission to move the world beyond passwords."
CMO of the FIDO Alliance
WHY BIOMETRIC-BASED FIDO2 SECURITY KEYS ARE PREFERABLE PASSWORDLESS LOGIN SOLUTION TO A NON-BIOMETRIC KEY?
Ensurity's ThinC-AUTH is a privacy & security enabler and is ultra-secure hardware-based Security Key for online identity & authentication with onboard 360° Fingerprint touch sensor.
Configurable Security Key
With a biometric touch-to-authenticate, the multi protocol ThinC-AUTH protects access to computers, online services, and networks.
Strong biometric technology makes ThinC-AUTH Security Key one of the most secure hardware tokens. The biometric module prevents any misuses of the Key from unauthorized Users other than the valid user. No security risk in case of losing the Key.
Strong Security Architecture
The core functionalities of the embedded security chip of ThinC-AUTH is to encrypt, store and validate your fingerprint templates. Once enrolled, it is impossible for someone to reverse engineer your fingerprint data from the protected storage.
AES, HMAC, ECDH achieves high-level security to User and Key.
Single Key for hundreds of services
Passwordless authentication to Windows 10 systems (connected to Azure AD); multiple PC platforms; and multiple FIDO2 enabled web applications.
We offer customization options for casing-colors, engraving, and packaging.
ThinC-AUTH Biometric Security Key
Security AlgorithmECDSA, SHA256, AES, HMAC, ECDH
Working CurrentStandby: 80mA
Working Temperature(-10°C to 45°C)
Storage Temperature(-20°C to 70°C)
LED Lights2 multi-color LEDs
Fingerprint Module in ThinC-AUTH
Image Pixel160 x 160 pixels with 8-bit depth
Fingerprint SensorCapacitive 360° Touch Fingerprint Sensor with Ultra-low power consumption
Sensor ProtectionIntegrated conductive bezel
Sensor QualitySuperior 3D image quality
Server Service LifeMore than 200k times
Storage5 fingerprint templates
False Accept Rate<0.001%
False Reject Rate<1%
Recognition Time<0.6s (for 120 finger points)
ESD rangeIEC61000-4-2, level X, air discharge (±30 kV)
In a traditional authentication, the user types in his credentials on the device/browser then the browser sends those credentials to the server for user verification. However, that’s not the case for passwordless authentication where no password is sent over the internet.
Only the assertion generated by the authenticator is sent to the Relying Party (server) and the authentication is done on the authenticator level using the biometrics on the ThinC-AUTH Security Key. From a security perspective, the user credentials can’t be technically leaked or brute-forced since there’s no password to compromise. For biometrics, only the templates are registered, which are encrypted and stored within the Security Key and will not be accessible for external usage. This user-friendly process drastically reduces the risks associated with human error in cybersecurity.
Inadequacy of passwords
How many times are you unable to use digital applications because you’ve forgotten your password? From dozens of passwords for everything from social media sites to shopping, company, and productivity-related platforms like Github, a large part of our day is spent dealing with passwords.
Recent research delving into passwords found that an alarming 78% of respondents use an insecure method to help remember their password, with 34% admitting to using the same password for multiple accounts.
Poor password hygiene presents a significant security risk for organizations. According to the 2019 Verizon Data Breach Investigations Report, 80% of hacking-related breaches involve compromised or weak credentials, while 29 per cent of all breaches involved the use of stolen credentials. The consequences of a breach can be catastrophic, with the average cost of a stolen record $148, and the total cost incurred from a data breach averaging at $3.86m - far from small numbers. Despite this, 65% of organizations do not even check employee credentials against common password lists.
Securing WWW with password-free authentication
Overcoming the reliance on passwords is not going to happen overnight, but with technological advancements, such as FIDO2, there is finally encouragement for a passwordless future.
FIDO2 is a phishing proof, passwordless authentication protocol developed as a joint effort between the FIDO Alliance and the World Wide Web Consortium (W3C) , and the main goal of this project was to create a strong authentication standard for the web. In March 2019, W3C announced that WebAuthn is now the official web standard for password-free login. At its core, FIDO2 consists of a mixture between the W3C WebAuthn standard and the FIDO Client to Authenticator Protocol (CTAP).
How does FIDO2 work?
There are three major players in the FIDO2 Workflow:
The WebAuthn Relying Party (The website we’re authenticating to)
The client or the browser who will play the role of the middleman
The FIDO2 Authenticator (ThinC-AUTH Biometric Security Key)
Here’s how it generally works:
Registration would be enrolling a new Security Key to your account for future use and authentication would be using that Key to prove your identity.
User sets a PIN and enrol fingerprints to ThinC-AUTH. Setup is inbuilt in Windows 10 Ver 1903. For other Operating Systems, User can download a ThinC Tool from www.ensurity.com website.
User visits the FIDO2 enabled website and enables two-factor authentication and configures 2FA with FIDO2 Security Key.
For the login process, User visits the website and clicks on the login button.
The server generates a challenge and sends the browser a list of credentials that are registered to the user. It also contains information on the authenticator device (for example whether the device connects over USB or BLE, etc.)
Browser asks the authenticator to sign the challenge.
Authenticator requests the user to tap on its biometrics 360° touch sensor to verify.
A signed assertion is created using the private key and is sent to the relying party for verification.
The relying party verifies that the assertion contains the expected source and challenge and if everything is validated it, the authentication will be successful. If not, it will be prevented as it will be considered a phishing attack.
- Enroll your fingerprints to the device. You can either use the built-in configuration tool in Windows 10 Rel 1903 or you can download a configuration tool from Ensurity website — https://thinc.ensurity.com/#downloads.
- Register your ThinC-AUTH Security Key with the account you want to secure. Or activate the device by registering with ThinC-AUTH tool or Windows 10 Ver 1903.
- Whenever you sign-in to your web account or Windows PC, simply insert the security key into a USB port, and when prompted and tap on the fingerprint sensor with your registered finger to complete the authentication.
- For FIDO U2F services, the device supports unlimited registrations.
- For FIDO2 services, device supports unlimited FIDO2 registrations with non-resident keys and up to 30 for FIDO2 services requiring Resident key.
- Once the user has registered fingerprints using tool the device can now operate independently or independent with the Websites/FIDO Services.
- The Device works with FIDO services without requiring tool.