Podcast: 1Kosmos Co-Founder Michael Engle Talks The Future Of IDM
Video Transcript
Adam Callen:Hey everybody. Welcome back to the Nyedis Anarchy Series. I'm your host Adam and Co-founder of Nyedis. And today we're meeting with Mike Engle, the co-founder of 1Kosmos, which is a company I'm actually a big fan of. And one of the big reasons I started this podcast, which I don't even know if you know this, was to interview you. I know we talked about it, I think it was over a year ago. We met up in Jersey at that restaurant there and we were talking about a podcast and stuff and I was like, yeah, you were the first person I wanted to interview. So thankfully a year later, I'm glad to finally have you.
Mike Engle:
Yeah, no, that's great. I do remember that it was down at the Jersey Shore there, and we did get a quick little drive-by recording at the identity week, a couple months back, right? So, that doesn't count. Yeah, no happy to hear.
Adam Callen:
I wanted to pick your brain, so this is awesome. I'm really appreciate your time too. Thank you.
Mike Engle:
Sure, sure.
Adam Callen:
Cool. So 1Kosmos, I'll let you kind of dive into what the company is, but I got to tell you from my standpoint, the reason I kind of became infatuated with your company is because one, you're all about passwordless, which I think is absolutely the future of authentication with everywhere, not just from a commercial standpoint, but even from a personal standpoint, from a typical user side. And then also you use blockchain, which I think is super smart and a lot of people just haven't figured out how to do it yet you guys are not only doing it, running with it and proving that it works in the enterprise. So, I think you're a great model company for how blockchain could be used. So, why don't you kind of tell us a little bit about 1Kosmos your role, how you guys maybe started out as a company and what made you kind of tie in blockchain as your back end there?
Mike Engle:
Yeah, so there's a lot there, but if you really go to the Genesis story of the company, Kosmos with a K means universe in Greek. So, there's one universe. The idea is we're going to be one identity that everybody has, which is the way it should be. There shouldn't be two atoms that exist in different databases because that's the way it's been. So, the idea going back about 10 years ago was let's figure out how people can own their own identity. And we just recently announced that when Elon goes to Mars, they're going to be using a 1Kosmos ID. I don't know if you heard that.
Adam Callen:
Really?
Mike Engle:
So yeah, it's coming together one universe-
Adam Callen:
That's freaking awesome.
Mike Engle:
Yeah, yeah, we're super excited about that. So, the technologies that enable that were really only developed in the past about 10, 15 years. And that is a way for you to verify your identity, right? Anywhere using a couple of tried and true technologies, your face, public-private keys, that those are really some of the two enablers. And now that everybody has a phone, high-res cameras, right? TPMs to keep keys, we'll get into all that possibly. So, came up with the idea and out of the box we're like, you're going to be able to use your identity anywhere. And that's been called Self-Sovereign Identity, Decentralized Identity. A lot of listeners would know what those things are. We didn't focus on them originally because the market wasn't really ready for them, and it's just starting to get there. So, if we had spent our last whatever, five, 10 years doing just that, we wouldn't have gotten very far. So, what we did instead was applied the best parts of that to commercial citizen-facing applications, whether for employees or workforce, et cetera. And that's worked out really well.
But under the hood, you mentioned blockchain. If you think about what blockchain brings to technology, it's privacy, it's immutability. And think about those two things alone when applied to identity, they make a lot of sense, right? If I use my identity, it's on a ledger for an employee or employee-facing application, that's really important. But blockchain lets you share things selectively, especially when you add on things like verifiable credentials. So, we're obviously not just putting stuff out on a blockchain. Blockchain is an enabler. You can think about a better alternative than a database, private blockchain that lets you connect to others and share selectively. And so, that's what tied it all together.
Adam Callen:
So, what type of blockchain are you using an EVM, blockchain, under the hood?
Mike Engle:
Under the hood, we've used Ethereum, but we use, because we're using decentralized identifiers, we can connect to any other blockchain. So for example, the state of California, this is a kind of a public-facing project they have, they're using a Tezos blockchain to enable the same concept but within California services. And we can integrate with that because we provide an abstraction layer that allows you to go look up. So, there's 50 types of blockchains out there. We really can work with any of them.
Adam Callen:
Oh, wow. That's awesome. All right, so you really just glazed over this whole thing about how 1Kosmos is going to be used for Elon Musk's Mars Expedition. Maybe we can kind of talk about that for a second. So, what is that?
Mike Engle:
No, it's not a real thing. I just figured I'd say Elon Musk, it's going to be great for our SEO, right?
Adam Callen:
Yeah, man, I was going to say, I was like, that's phenomenal.
Mike Engle:
Yeah. But maybe I'll run with that. We'll see. I'll make some fun.
Adam Callen:
You should, you should make that call.
Mike Engle:
Yeah. So, the challenge you face, like say at the holidays is you have to go and create 50 accounts to go shop at 50 websites. You have some common ways to do it now where you type in a phone number in Stripe or Square or Clover, they find you automatically and they're like, Hey, you're getting a text message. You didn't even give them your phone number yet, right? So, you could think of that as a centralized identity that's making things easier for you, but now you have to rely on Stripe or you have to rely on logging with Google or you have to rely on these centralized services which control your destiny. The technology under the hood that allows you to own that and then share it with permission is what we've really pioneered. It's really, it's you owning your own wallet rather than having wallets be centralized or identity stores be centralized. And we're seeing more and more organizations ask for this. Overseas there's several countries that have allowed you to download a copy of your say citizen identity into something that's offline and you can use over and over again.
Here in the US it's going to take us a very long time to get there just because it took us how long to do chip and pin on credit cards, right? 20 years behind the rest of the world. But we're seeing it a lot internationally. So, it's getting there. And then of course you have the EU Wallet Initiative, which is saying that every European citizen will have the ability to own their own identity into a European Wallet. That's the vision. If you have your own wallet, your own identity, use it anywhere. It solves so many problems as long as it's done right. And so, that's what we're doing under the hood. But tactically, you mentioned your opening salvo was passwordless has gone mainstream in conversation and it's getting out there in the consumer world because of FIDO and FIDO passkeys, right? You're seeing that stuff pop up everywhere, everywhere. But that's really, we see that as a feature without identity is just another way to authenticate that. It may or may not be you, it's most likely the same person, but there's no assurances.
Adam Callen:
So, how do you assure it's the actual person then?
Mike Engle:
Yeah, because we prove it. So passwordless, the standard for that comes out of the FIDO Alliance and we're all members of that. And so that says it's phishing resistant. You have a private key and you link it with some type of biometric or pin. Well, if you could link that to, let's say every time you use that, you had to hold your driver's license up to the camera, it'd be a much higher level of assurance or if I look at your real face and compare it to a face of reference. And so, we combine all those technologies together. Let's say before you were going to access CyberArk, you had to say, I will only let this CyberArk is the keys to the kingdom, right?
I'm only going to let people hit that if they have a verified identity regardless of passwordless or username, password, 2FA, 3FA, whatever. And so, we can in line in real time for any type of transaction, reach out to you and say, "Do you have your identity verified?" You come back with a signed response, "Yeah, this is it. Same one that I verified," or "No, you don't." "Great. Would you just verify it now real quick for me, contractor in Eastern Europe?" "Sure, no problem." Scan your passport, scan your driver's license, scan your face, whatever, verified and saved and never has to be done again.
Adam Callen:
How long does that process take, the whole setting up part of my identity in there to verify?
Mike Engle:
So for me, being good at it takes me 10 seconds because I'm like boom, boom, boom. But to the uninitiated, it takes a minute to two minutes. That's the other thing is now that the camera in the processing at the edge is as you're holding this to a government issued credential, for example, it's just guiding you and saying little further away. When you're scanning a check at your bank.
Adam Callen:
Yeah.
Mike Engle:
It's gotten pretty good, right? Yeah. It just hold it up. The light comes on. So, it's gotten really user-friendly and that's why everybody's ready for it now, but before-
Adam Callen:
And once they register, then that identity is stored. So, every time you're requesting to verify the identity, you're just asking them to sign a message with that private key that they have that you've already verified. You're not asking them to re-scan their face every single time, or are you?
Mike Engle:
Exactly. No, we're not. And then let's say you work at a bank today and tomorrow you go work at another bank or whatever. We have actually abstracted that identity into part that you own, that the bank doesn't own. As an employer, should not own your identity. They can't take away the fact that you have a New Jersey driver's license.
Adam Callen:
Yeah.
Mike Engle:
Right? So, if there was a relationship, yeah, if there was a relationship between the two, you could actually have that exist between multiple entities and that's the promise of wallets and standards that let them be shared. Not ready for that yet here in the US, but it's getting there.
Adam Callen:
Yeah, I think that's one of the biggest things is getting into the adoption phase of this and people understanding how it's easier, more secure, and it's less risk for the enterprise. I mean, if everyone's identity is decentralized and it's self-sovereign, owned by the individual, then the risk of breaches and being published online about how you just had 4 million user identities stolen out of your company is no longer a thing.
Mike Engle:
That's right. Yeah, that's right. Yeah, identity is a new perimeter, all that stuff, it actually becomes true. If you could imagine if every time you were going to do something, I could just say knock knock, continuous identity verification, and our jobs gets a lot easier as information-
Adam Callen:
That was my next question. So, what is your definition of continuous identity verification? I saw you just did a thing with Sam actually over EY talking about it. So, what's your definition of continuous identity verification?
Mike Engle:
Yeah, the term continuous is hard because you've established a session and how do you keep verifying in real time? There's a couple of ways to do it. Obviously if you trust the endpoint, that's the first step, right? So, you have an environment that you trust, then you don't have to continuously, for example, look at my face. But so, possession of that signed certificate is one thing you can ask for continuously or when you are moving between one application or another. For example, we have technology that can look at my face as quickly as I'm blinking and just make sure it's still me. And so, there's ways to verify in real time that it is you and it's just basically glancing at a camera. The camera is the only thing that's ubiquitous but doesn't require dedicated hardware. And so doing that, doing it right, doing it with privacy preserving in a way where of course the latest threat is DeepFakes, where you're trying to mitigate all that stuff as well.
Adam Callen:
Yeah, actually kind of a tangent, but very on topic with what you're talking about right now is I had kind of an epiphany a couple months ago and I was talking to my wife and some friends of mine and I was like, holy shit, it's going to be very soon that photo and video evidence is no longer going to be a thing because the first time someone goes to court and says, "That photo is not me."
Speaker 3:
Hold on lady. I didn't say all that. You know what? These tapes, they can do a lot of things.
Adam Callen:
Someone generated that, that's AI or that video is not me, that's AI generated. Good luck on that one. And that's going to basically invalidate all photo video evidence in a court of law, which I think is going to flip the courts upside down. And I think it just happened, there was a court case recently that just came out where someone's in trial, something very menial like shoplifting or something stupid, and they're like, "Hey, look, we have a picture of him." And the guy said, "That's not me. You guys did that via AI." And all of a sudden everyone went, "Shit how do we prove it's not?" And now there's going to be a huge question. I think that's the tip of the iceberg that no one's really discussing, which you offer that as a counter is the way that you're verifying the identity is vastly different than just a picture. I couldn't, correct me if I'm wrong, but I don't think I could take your black ID app and just hold up a picture of someone else and it would recognize it as them. It's using the actual LiDAR of the face, right?
Mike Engle:
Yeah, exactly. There there's a whole post of liveness technologies that help mitigate that. And the other thing that goes with it, so what you're saying is there was video captured of me three months ago, and that's now being used in evidence is if you had chain of custody of that, of this camera was watching this thing. And we know the video went here and it was digitally signed, ideally with signatures on a blockchain that are immutable that point back to, I don't know if there's hashes of the images along the way. But yeah, you're going to see there'd be requirements for that type of stuff, almost like watermarks that prove the provenance of something like that. That's yet another thing for us to worry about.
Adam Callen:
So, I was in Lisbon last year at a security conference and I was talking with some of the people there about passwordless, I was like, "Hey, what are you guys doing for password lists?" And they looked at me like deer in headlights. And a little bit further in the conversation, we started talking about self-sovereign ID, decentralized ID, and they're like, oh yeah, we're definitely moving towards that. I think Europe is just completely leapfrogging the entire password of this conversation and just going straight to self-sovereign, where I think what you're saying here as well is that it's going to be a long time before anyone here in the states really adopts that on the commercial level. Are you seeing differences along those lines from outside the US versus inside the US on the adoption of self-sovereign?
Mike Engle:
Yes. Yeah, we're seeing Canada, the Asia Pacific region, a couple places in Europe. For example, a bank that we're working with wants to use their bank identity out in the industry. Your bank has a really good idea of who you are. You've been banking with them forever. They had to prove you for KYC. They know your IP address, where you live, all that stuff. So, imagine if instead of I go to buy a car and it just says, "Bank of America is going to verify that this is you" You'd be like, sure, help yourself and you authenticate the BofA and it hands off to the car. Yeah, this is really him. They look at your face, whatever it is. That's the idea. There's a couple of sources of truth about you is your government identity, your bank identity, your phone tells a lot about you, right? As long as you can avoid things like SIM swaps. So, we're seeing different organizations try to repurpose those trusts, anchors out in the industry to either make people's lives easier or actually monetize them.
Adam Callen:
So, speaking of money, you have described this the best way possible. So, I was hoping I could get you to kind of do the same thing again, which is what's the cost savings that enterprises generally see by moving to a passwordless solution, like 1Kosmos is BlockID?
Mike Engle:
Oh, it's so much that people don't believe it.
Adam Callen:
Exactly.
Mike Engle:
It is. It's unbelievable. And so we actually did a, it's a public ROI study. I won't say who it is because I don't know how public it is, but if you search search for the top five telcos and us and the CISO of that telco, it's out there. So this telco had 40,000 employees that they needed to migrate off of username, password, one-time code token. We did it for them in a month, went live and had the first a hundred tokens working in the first month, and they moved the passwordless and then they got it rolled out within a couple of weeks. All employees. What they found out was the time, username, password, go fetch the code. Let's say it averaged 15 to 18 seconds for that sequence. We got it down to four because it's a single touch experience, right? Passwordless, not even a username.
And they added up all the logins. And they said, "Okay, it takes it's 11 seconds in savings and they averaged it all out," extrapolated that, and they saved $4 million in the first year. It took a quarter and multiplied that. So, it was phenomenal. And when we do it, if you add then in Windows, how many times a day do you unlock Windows in a corporate environment? About 16. 16 character passwords of the norm now, there's no MFA on Windows typically either. So, not only is it-
Adam Callen:
Not by default, for sure.
Mike Engle:
Painful, but it's not even MFA. So, a hundred thousand person organization, I just did an analysis for them and it was $31 million in savings. I'm like, I can't show the CIO that. They'd be like-
Adam Callen:
They're going to laugh you out the door and be like you're making stuff up.
Mike Engle:
Yeah, I had to dial it down to like four, so. But it is really there. You just have to go after it. And then of course the other savings are the simplification of your IT infrastructure. So, most organizations like that one I mentioned have 11 different ways to authenticate. You got multiple two one-time codes to email or nothing. And so, you inventory them and you mark the candidates for getting rid of them, and you knock out the cost of four systems and all the admin it takes to manage them and the license fees. And you're talking about real money.
Adam Callen:
So, your onboarding times seems super quick. I mean, you're saying about a month you had this 40,000 pilot going with a hundred users. What's kind of, if you get the high level steps of integrating your tool to kind replace the traditional, let's either Federation or are you tying into what are those high level steps to integrate your product to an enterprise?
Mike Engle:
Yeah, an enterprise will target three platforms where you'll get 80% of your passwords out of the way. So, your remote access, typically Cisco ASA, like your VPN, Zscaler, or Citrix, and then your operating systems, Mac, Windows, Linux, and then your SSO system. Most things are behind SSO. So you got the external perimeter, you got the operating systems, and then all the web applications and things underneath. And that's 80% of your password. So, you pick the one that you could deploy to with the least friction, get your feet wet because you got to learn a new run book for the help desk. And actually the help desk's live, there's a whole host of savings there.
Adam Callen:
True.
Mike Engle:
How many password resets are there for an organization? 10,000 people typically. And 30 or 40% of your help desk calls are password related. So, you can save all that money. And so we target them, we demo it in a week. We just say, "Listen, use our lab. Here's all the hardware, here's all the moving parts. Grab an authenticator and go." And so, that's really helped us get time to value without having to have these big, long, expensive proof of concepts. So, it's worked out really well. And there's a couple important considerations. This is from a talk I gave at Identiverse last year. The one is you deploy with coexistence. So, legacy on the left, new stuff on the right. When people come into work Monday morning, 9,000 of them that haven't gone are just going to see this thing over here, whatever. I still type my username password 2FA. So, coexistence, we support that on every platform. It allows you to get one user up and running in production without impacting the others.
And then the second is make enrollment so easy that anybody can do it just like you're signing up for Amazon or doing an Amazon checkout, we call it going viral. So, obviously you can email and invite all of your employees and do campaigns, but you want them to be able to self-service. "Hey Adam, why are you still using a password knucklehead?" You're on a teams with them, right? "Why didn't you enroll for passwordless?" We let them self-enroll and one of our largest clients on Wall Street puts it right up on their screens in the offices, scan this QR code to learn how to go, and they enroll themselves in a few minutes. And what you're really doing there is authenticating the same way they do today, what you trust and handing them the new public-private key pair in a biometric. It's that simple. So, it'll take care of itself if you do that as well.
Adam Callen:
So, do you have to install, do you have any servers or anything running locally? Is it all SaaS? Are you tying to Federated login? How is the actual authentication taking place behind the scenes then?
Mike Engle:
Yeah, most of it is cloud. Everybody's moving to Azure ID these days, so we tie right into that. But there's so much on-Prem LDAP or on-prem AD that to facilitate that. We do have a lightweight, highly scalable agent that can sit in the enterprise to facilitate an AD machine that's not on Azure AD yet. So, we have kind of a hybrid model, but there's no servers or infrastructure you have to install on-Prem to make this stuff work. It's all magic.
Adam Callen:
Nice. Does it tie into existing Federation SSO tools? Like you're saying one of your three pillars is the SSO market. So, do you just integrate with PingFed or whatever?
Mike Engle:
Yeah, Ping, Okta, ForgeRock, Azure Ad, SiteMinder, all those things. We sit right in front of them. And originally when we started doing this, this is the challenge with any young company is how do you convince a big company to trust a young company to do something very important? And so, we've gotten past that. We have over 80 million identities under management scaled like crazy global deployments, active, active guarantees on SLAs. And so, what we say now, the big argument against in the enterprise against somebody like us who's a very specialty, high secure, highly verified identity play is, well, I'll just wait for Microsoft to do it. I have an E5 license, right?.
And then something happens. What happened with the Microsoft hack two weeks ago, right? Where the complications of on-prem AD, ADFS, domain privileges, all that stuff, it was just kind of a old school vector. But people are now wondering, do I really want to trust my security to the thing that's also keeping all the lights on? All your servers, your AD? So, there's really now, and the same thing's been happening with Okta, right? Okta's had a bunch of exposures and challenges-
Adam Callen:
Last year.
Mike Engle:
Yeah, I'm sure that you had probably 10 podcasts just about the Okta issues. And they have built amazing businesses, right? But they're not specialists in identity and the authentication to get into anything. So, we advocate that we will be that for you, let these systems do what they do, let the SSO SSL, we'll partner with them very nicely and provide the layer that's missing in every environment today.
Adam Callen:
Nice. That's awesome, man. Last question I have is, I know you mentioned a lot about how this is all decentralized ID, I guess two-part question. So, are the keys stored on the phone or are you also storing the keys in the cloud for the identities? And then the second thing is how do you view decentralized identity or self-sovereign versus verified credentials?
Mike Engle:
Yeah, so we have multiple deployment models we can do just on phone. The challenge with that is if you lose your phone, you have to start from scratch. You lose your Bitcoin keys, you're starting from scratch, right? And that's okay. Some people are fine with that. I want a lot of friction when somebody says they have to re-enroll. But what we've done is we have a host of what we call wallet recovery options that keep the user in control of their identity and let them restore onto a new phone using these recovery options. So for example, if you had another device you enrolled, you lose this one. So, tap that one and restore. And if you don't even have that, we can turn your face into a private key that is meant to be a restoration factor. So, imagine you just walk up to a camera and you look here and I say, "I'm proving that's Adam. I've got all the liveness checks."
That is decrypting something that we store in what's called IPFS, which is a blockchain-based file system, that then extracts your data and puts it back into your wallet. We would never have access to that data. We don't have that private key. It's one of our design principles. And that same concept of technology keeps us out of biometric trouble as well. If you use biometrics and for example, you probably have seen what goes on in Illinois, all the lawsuits there with BIPA, we're BIPA exempt when somebody says, are you compliant with BIPA? We don't have to be. Are you with GDPR? It's not a conversation. And we have all these documents from privacy attorneys verifying that. So, that's worked out really well for us. It's an alternative to the model that's getting a lot of people in trouble.
Adam Callen:
So, when you say IPFS, is that the global interplanetary file system or again, a local private version?
Mike Engle:
Yeah, no, everything is, we're basically a single-tenant model. We don't co-mingle anything and it's private. Now if you then getting to your verifiable credential question, so you are bank X and you have all your stuff here, and this is great, it's highly secure, it's highly scaled. When you want to share those identities over here, that's where you can start to have the two organizations publish to the same trust over IP framework, right? So, I'm going to allow my employees, I'm going to give them a verifiable credential and just give these guys a very simple verification that they're the relying party, where they can reach over here and not have to set up that heavy federated authentication type stuff that we've been doing for so long.
And so, an example would be you work at Goldman Sachs and you want to share that all my employees can go get this discount over here. Well, you can give every employee a I work at Goldman Sachs verifiable credential, and all you have to do is go into Verizon, scan a QR code, screen turns green, or you can do it remotely and you've just proven it without having to do anything or expose any information. No usernames, no passwords, no email addresses or anything. So, that's a common use case that we're seeing get some traction.
Adam Callen:
Nice. Cool. Awesome. So, what's the best way if people want to learn more about 1Kosmos and BlockID and stuff, where should they go? They should just email you, call you directly at night, what's going on?
Mike Engle:
Yeah, that works great. Yeah, my number is it's on the side of my car as well. No, I mean our website is really a source of education on all these things. We put it all out there and in fact, we're one of the only identity companies that has not only entire developer stack put out on developer.1kosmos.com, but sandbox environments. You can go to our website today and start scanning a driver's license and create your own wallet and do everything that you would need to do, verify identities, etc. And you can turn your driver's license into a verifiable credential, hang up the phone and go try it after we're done here. So, not only is it, if you don't know what verifiable credentials are, go learn, but try it out as well. And that's really cool. Of course, I'm all over LinkedIn. People can reach out to me anytime as well. It's super easy to do.
Adam Callen:
Nice. So, last question then. What do you see the future of authentication, let's say three years, not too far out? Where do you think it's going to be in the US from an enterprise standpoint?
Mike Engle:
You're going to see people embrace identity verification. So we've all been exposed to scan your driver's license maybe for tax or crypto or whatever. And it's been in these little pockets. If you've used an airline app, you might have to scan your passport or go on a cruise. So, it's been there. It's now getting to the point where it's enterprise ready. And so, as part of our platform, single license key, you can just snap it into your help desk and say, "Before I let any admin reset a password, I'm going to push this button." It calls us, we verify, come back with a green check mark. PII friendly. The help desk agent never sees their driver's license. And so, it's been made enterprise ready. And there's companies like us now starting to do that. And you'll see the same thing happen with reusable identities and biometrics. Think about enterprise and biometrics. What comes to your mind on that? You worked a lot of enterprises.
Adam Callen:
Well, I mean most people just, well, I can tell you right now, I know a client of ours that's rolling out, they're trying to do the whole Windows Hello Biometrics. And they're rolling that out everywhere because they're like, oh, well there's a fingerprint reader on your laptop and the camera laptop can do the biometric via the face thing, so go ahead and use it. And then they rolled it out and then they found out everyone has their laptop closed with an external monitor, so they can't use either one of those.
Mike Engle:
Exactly. So, there's your E5 license kind of concept. It's like I use Windows Hello. When it works, boom, you're in face one second or your touch ID on a Mac, right?
Adam Callen:
Yeah.
Mike Engle:
But it doesn't roam. You enroll once, you use once, you go over here, it doesn't work on kiosking, it doesn't work on domain controllers, it doesn't work on Citrix or MSTs, a terminal server, right? So, it's not usable. It's not extensible across the environment. And if you said to an enterprise, I'm going to let your employees log in with a face or a finger anywhere, enroll once, use it anywhere. I think that's what we're trying to do. They would be like, that's amazing. So, it's Windows Hello but I can use it anywhere. Or it's my thumbprint reader, I can use it anywhere.
So, imagine and you can roll your face once and use it anywhere or for hard to reach places, we all know what the benefits that YubiKey bring to an organization. It's like a nice security factor slide at any, you tap it. But they have challenges as well. A one-to-one match, one YubiKey per person. It's expensive. They're hard to manage. So, we recently rolled out this fingerprint reader, which is a enroll once, use anywhere, okay? And it's made for the enterprise. So, the use case here is, I don't have a camera, I can't use a camera, I don't have a phone, I won't use a phone. Whatever it is I'm going to skip-
Adam Callen:
Or restricted space doesn't allow phones, right?
Mike Engle:
Yeah, call centers, etc. Or desk hoteling. So, this is really almost disposable. It's kind of the whole model around it. As I come in, I tap and I'm staring at my screen or logged into the application. Second person comes tap, the first one's logged out, and you're logged back in as that second person. So, we've taken the concept of Face ID or Windows Hello and Touch ID and made them extensible to be able to use across the whole enterprise. And I think that's where we have to go. It's the only factor that proves it's you every time, right? If it's just a key or YubiKey or some other-
Adam Callen:
Anyone can touch that gold disc.
Mike Engle:
Exactly-
Adam Callen:
Or what's worse is if I don't have it.
Mike Engle:
Right? Even smart cards used in the government, CAC and PIV cards, it's a card, a PIN, but if you gave that to somebody else, they're you. Unless you-
Adam Callen:
Anyone can clone, they are cloneable.
Mike Engle:
I didn't hear that, right? Only by your consultants right? So yeah, no, that's what I think the future of authentication for both consumer and enterprise citizen is going to be reusable biometrics that prove it to you with privacy preserving architecture. So, I think you'll see in the next three years in enterprise adoption of verified identity, new hires, prevent contractor jacking, or also for remote caller verification, right? That's how a lot of the most recent hacks have happened is I got into the help desk. So, make them prove who they are, and we have the tools now to do that.
Adam Callen:
Nice. Awesome. Well, thank you very much. This has been really cool. I'm so excited to finally be able to talk to you in depth about 1Kosmos. Like I said, I'm a huge fan. So, for everyone else out there, 1Kosmos.com, definitely check it out. It's an amazing company that's doing where I think the future of identity is going. So Mike, I really appreciate your time. Thank you for coming on. This has been great. I appreciate it. Thanks.
Mike Engle:
Thanks for having me, and I'll see you on Mars.
Adam Callen:
Oh man, looking forward to it. Later.