BioPassword Inc is setting its sights high with the third version of its Enterprise Edition authentication software. The security start-up will release the 3.0 software today, with the ambition of taking a bite out of the hardware authentication token market.
This is aimed at companies spending money on RSA tokens, smartcards, fingerprint readers, said BioPassword chief executive Mark Upson. The goal is clearly to cannibalize some of that money spent on hardware authentication.
BioPassword’s software-only system takes a biometric fingerprint of users’ typing patterns – using measurements of the speed between keystrokes and length of keystroke – that are referenced when they log on.
It’s billed as a second factor, an alternative to a one-time password token such as those sold by EMC’s RSA division, VeriSign and Entrust.
To give it a better chance of selling into this well-established market, the company has made some upgrades to its software to reduce false negatives. Nobody wants to buy authentication software that blocks too many legitimate users and generates excessive help-desk calls.
Customers who would like to start replacing their tokens need security north of 99%, Upson said.
When BioPassword is dialed up to that level of accuracy, so that there’s a 1% chance or less of a bad guy getting through the authentication, it tends to reject 1 out of every 20 legitimate logins, a 95% false negative rate.
In Enterprise Edition 3.0, there is now an option to turn on a challenge question for cases where a user fails the biometric check but only just. Upson said further factors, such as user location or hardware address, could be added in future.
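As an added illustration (not BioPassword's code or algorithm), the sketch below scores a login attempt from the two timing features described above, key hold length and the gap between keystrokes, and adds a "failed, but only just" band that falls back to a challenge question. The scoring method (mean absolute z-score), both thresholds and all timing data are assumptions constructed for the example.

```python
from statistics import mean, stdev

ACCEPT_BELOW = 1.5     # assumed threshold: mean deviation (in std devs) for a pass
CHALLENGE_BELOW = 2.5  # assumed band: "failed, but only just" -> challenge question

def typed(dwells, flights, word="pass"):
    """Build constructed (key, press_ms, release_ms) events from timing lists."""
    t, events = 0, []
    for i, (key, dwell) in enumerate(zip(word, dwells)):
        events.append((key, t, t + dwell))
        t += dwell + (flights[i] if i < len(flights) else 0)
    return events

def features(events):
    """Dwell time per key (hold length), then flight time between adjacent keys."""
    dwell = [release - press for _, press, release in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell + flight

def enroll(samples):
    """Per-feature (mean, std) profile; std is floored so one very
    consistent feature cannot dominate the score."""
    columns = zip(*(features(s) for s in samples))
    return [(mean(c), max(stdev(c), 1.0)) for c in columns]

def score(profile, events):
    """Mean absolute z-score of an attempt against the enrolled profile."""
    vec = features(events)
    if len(vec) != len(profile):   # wrong number of keystrokes: cannot match
        return float("inf")
    return mean(abs(x - m) / s for x, (m, s) in zip(vec, profile))

def decide(profile, events):
    d = score(profile, events)
    if d < ACCEPT_BELOW:
        return "accept"
    return "challenge" if d < CHALLENGE_BELOW else "reject"

# Constructed enrollment samples and login attempts (timings in milliseconds).
PROFILE = enroll([
    typed([90, 80, 100, 95], [60, 70, 50]),
    typed([100, 90, 110, 105], [70, 80, 60]),
    typed([110, 100, 120, 115], [80, 90, 70]),
])
GENUINE = typed([105, 85, 115, 100], [75, 75, 65])
NEAR_MISS = typed([120, 110, 130, 125], [90, 100, 80])
IMPOSTOR = typed([60, 140, 70, 150], [120, 30, 110])

if __name__ == "__main__":
    for name, attempt in [("genuine", GENUINE), ("near miss", NEAR_MISS), ("impostor", IMPOSTOR)]:
        print(name, round(score(PROFILE, attempt), 2), decide(PROFILE, attempt))
```

Lowering `ACCEPT_BELOW` makes it harder for an impostor to pass but pushes more legitimate attempts into the challenge or reject bands, which is the trade-off the article describes.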
The software was designed for Microsoft networks. It uses Active Directory. Now it also supports thin clients and VPNs. Support for all the major VPN vendors is expected to be added over the next six months, according to Upson.
Prices start at $19 per user per year for a subscription. There is also a one-off perpetual license option. Upson emphasized that as the price is all-inclusive, it’s not a direct comparison to the cost of a hardware token, which is dropping and recently hit $5 from Entrust Inc.
A $5 token is the tip of an iceberg, he said. Entrust also charges a platform fee, plus user fees, plus token fees. You’ve got to provision them. You’ve got to replace them. There’s breakage. People lose them. You could give away the tokens and it would still be dramatically more expensive than us.
To date, all BioPassword’s sales have been greenfield opportunities, so its plan is yet to be proven. The company has signed up around 30 enterprise customers.
The Internet Edition of its software, designed for financial services companies looking to comply with strong authentication regulations, has about 19 regional credit union customers, and a million end user accounts in total.