We had the opportunity to interview Ori Eisen, Trusona’s CEO, to find out what his company is doing to make our world passwordless and safer than before.
Safety Detective: Tell me how you got started in the cybersecurity industry.
Ori Eisen: Twenty years ago, I was working at a large bank and saw how criminals could just enter people’s accounts and divert their money. After that, I worked at a large credit card company and saw that the same kinds of things were happening to credit cards. I started my own fraud detection company called 41st Parameter. In 2013, it was acquired by Experian.
At that point, I started Trusona, which is a way to recognize who is on the other end without the use of passwords, which I think is where the world is going.
SD: How did you come up with the idea for Trusona?
OE: At first, we started with a product that was the world’s first and still only insured authentication, which guarantees that if a bank uses our product and proves that the user at the other end isn’t who it is supposed to be, the bank gets $1 million per transaction. We then started honing down the service to online identity proofing, and specifically to passwordless identification; people were very excited about it. I still believe that in the future, people will need to prove who they are with an online ID, just like we identify with a driver’s license. I still believe that after that we will need insurance because cybercrime is only growing. But for now, we will begin our revolution by taking away passwords and making it easier to log in.
SD: What are the worst cyberthreats that jeopardize end users’ devices today?
OE: I think phishing, which is a way to steal credentials in order to gain access later, is the biggest and most dangerous threat. I think we’ll see it growing the most. The next biggest threat is the SIM swap, which is when a hacker calls your carrier and convinces them that they are you by answering a few easy-to-answer questions so they can switch your number to their phone. So, when you log in to the bank, the attacker gets the text message with the one-time code. I think that is the most dangerous rising threat I see today.
SD: What does your company do to help protect the end-user?
OE: Firstly, when a health care company deploys Trusona, all their end users can log into the website without a username or password. So even if someone has malware on their PC that keylogs everything that’s being typed—if you never type a username and password, no keylogger can lift it.
Secondly, we also protect everything we do in our login process with what’s called “anti-replay.” We know that malware listens to sessions and then replays them. That’s why we always use something that is dynamic, and not static credentials like passwords, so there’s no chance of somebody using that session again to get access.
Lastly, we are modeling our solution on something that Jared Spool, a leading UX expert, said: If it’s not usable, it’s not secure. What if we invented an antivirus that is so difficult to operate that no one would use it properly? So, we aim to make all our products user-friendly.
In summary, we’re ridding the world of passwords because it’s a mistake to believe that choosing a complex password will protect you. Password crackers can guess passwords with these special characters and without, and I just think it’s a folly to ask millions of people to do something that, in reality, does not help.
SD: Can you tell me how people can sign in without using passwords?
OE: Our product is not really for consumers directly. The company that they’re trying to log into needs to adopt Trusona. The only exception to the rule is WordPress. If someone is an admin, Trusona does offer a free plugin that would allow an administrator to log in without a username and password, which protects the WordPress site like nothing else.
SD: How can your solutions keep people safe when they use smart home devices? Is there something that your company can do for that?
OE: We can if the smart home device uses Trusona. In fact, we are talking to one company that makes security cameras for the home. The way we protect the device is by removing the threat of a static password protecting your home security.