Authenticate (and Know) Your Customer

There are few terms more overused than the word Auth in the world of software products. Just in the last half-decade alone, there have been a plethora of companies started to solve the “Auth” problem for businesses (most notably companies like Auth0 and Okta). Auth is overloaded because it can include everything from enterprise authentication features like SAML, SSO, Directory integrations, IAM, session and user management, and even authorization. Most “Auth” companies try to cover all these bases, providing businesses with an all-in-one platform solving all of these problems.

Therefore, we often get the question: How does Footprint help companies with “Auth”?

An Opinionated Stand

Footprint doesn’t aim to solve the bulk of the problems described above that are usually coupled with “Auth” — instead we take a very opinionated stand that enables businesses to use Footprint as complementary solution with their existing approach to authentication.

Uniquely, during a user’s initial onboarding — when Footprint verifies their identity — we register a Passkey that binds the user’s identity to a strong cryptographic credential. This occurs for every identity verification (KYC/IDV).

Most auth solutions support Passkeys (it’s an open technology, which is great) but uniquely, Footprint’s Passkey is cryptographically bound to the user’s verified identity.

KYC → Auth

Footprint’s 5-line-of-code integration lets businesses quickly authenticate a user using their Footprint Passkey — thereby providing a cryptographic “proof” that the user who’s identity was originally verified is the same user coming back into the product.

In many regulated industries, this is important (think gambling or adult entertainment) — however, all businesses should care about ensuring accounts are not susceptible to take over attacks or phishing. In products where your identity matters, there can be dangerous financial and reputation consequences if someone gets access to your account. For example, a fintech app where an account take-over can lead to a change of direct deposit bank account — thereby diverting funds to a fraudster.

Footprint’s auth can be deployed not only at product login but also in cases where a user performs sensitive account actions (like making a bet or changing a source of funds).

Auth → KYC

It is also worth noting that Footprint’s innate identity verification technology can make classic “authentication” better too. Businesses can use fraud signals to step up a user who may be at risk for credential/account compromise by performing a lightweight KYC or IDV to verify that the user logging is who they say they are. While “auth companies” can do a lot — none of them delve into the complex space of KYC and IDV. This makes Footprint uniquely able to solve pain points around fraud right when a user authenticates to a product.

And Beyond

We're working on some exciting new progressive step-up flows and fraud tools to make Auth with Footprint even more powerful. Instead interrupting a login or sensitive application action, actively enforce step-ups to validate that the user is who they say they are. Stay tuned!