Strong Customer Authentication

Unrivaled Biometric Authentication

Traditional MFA solutions that rely on SMS, push notifications and email not only present too much friction to the transaction but come with well-known security loopholes that lead to account takeover and fraud. These solutions provide proof of possession, not proof of identity. As a result, consumers are getting phished more often as they routinely get emails, SMS messages, and phone calls trying to trick them into disclosing account credentials, personal information, or downloading malware.

1Kosmos mitigates these problems because our approach ties verified identities to the user’s biometric that was captured at enrollment. Our exceptional user experience is warm and friendly. As a result, every access attempt physically verifies the user identity, leaving no chance for impostors to login, defeating ATO attacks and fraudulent transactions.

The platform is certified to NIST 800-63-3, FIDO2, ISO/IEC 30107-1, and ISO/IEC 30107-3 specifications and supports remote identity proofing to comply with Know Your Customer mandates. The user’s data is protected by a cryptographic public-private key pair, so the biometric can’t be spoofed or stolen, and sessions can’t be compromised.

Build Customer Trust and Loyalty Through Enterprise Grade Security

After identity verification and customer enrollment, organizations often issue weak credentials like usernames and passwords. 1Kosmos, leveraging its advanced architectural advantage Our platform empowers individuals to access and share credentials securely. Learn More , offers an authentication platform that supports biometric passwordless multi-factor authentication. This solution enables flexible levels of identity assertion, tailored to meet the needs of your business and adapt to the evolving demands of your customers.

1Kosmos authentication methods are available through our SDK, and can be easily integrated into any mobile app, delivered through the 1Kosmos app, or implemented as an appless experience.

Users will authenticate via any of our methods depending on the business need, the risk profile of the activity, and the security requirement for each access request.

By implementing 1Kosmos, organizations can deploy any of seven identification methods including: device biometrics, LiveID, push message, email/SMS/Token, 3rd party hardware token, Microsoft Entra ID, and Mac TouchID.

1Kosmos also integrates via industry authentication standards such as OAuth, OIDC, SAML and FIDO. It also offers legacy support via RADIUS and supports interoperability across Microsoft Entra ID, Mac, iOS, Android, Linux, and Unix operating systems.

Deploy What You Need and Meet Customer Expectations

Many people believe that passwordless customer authentication is difficult to deploy. Others just want to migrate from their antiquated 2FA systems and go passwordless gradually. Still, others have some passwordless capabilities but want to improve security because there are gaps in their current deployment.

A result of our flexible architecture is an ability to meet the needs of most any workflow. Many customers deploy 1Kosmos to satisfy both workforce and customer workflows. So as new mandates, regulations or even integrations come to market (like open banking as an example) the 1Kosmos API framework can help organizations quickly adopt and integrate, providing a future proof platform.

As a cloud-based identity provider, 1Kosmos comes with several key features. The administration portal provides easy access to the configuration and management of the platform. Starting with over 50 out-of-the-box integrations and a robust API framework enabling quick and easy integrations into CIAM technologies like Microsoft Entra ID, Ping, Okta, and ForgeRock.

1Kosmos APIs comply with the strictest GDPR, SOC2, and ISO 27001 certification standards for the handling and retention of sensitive data.

Customer Managed. Customer Owned.

During enrollment, information collected from scanned credentials is encrypted and, for the highest level of security, stored in a distributed ledger compliant to the W3C DID standard. As such, user information is accessible only via a FIDO2 certified public-private key pair secured in the TPM/Secure Enclave of a device and under sole control of the user (typically via their live biometric selfie) made possible by our innovative LiveID feature.

Without the private key, data cannot be decrypted, accessed or shared. There is no central authority overseeing data access other than the user possessing the private key.

For deployments that will continue to need passwords, customers will ultimately forget their passwords and require a reset. The digital wallet has a password reset feature that provides users a self-service reset option that utilizes user biometrics to ensure the validity of the request.

Since there is no centralized storage of user information, 1Kosmos eliminates the risk of a honeypot of personally identifiable information, which must be secured against data breach threats. This design represents a significant architectural advantage Our real biometrics (with verified liveness) and traditional MFA methods match risk to the authentication method. Learn More , enhancing overall security.