How Ping Identity Plans to Help Change the Password Culture

Security provider unveils PingID, a cloud application that enables clients to use their smartphones  to verify their identities on the Web.

MONTEREY, Calif.--If Ping Identity had its way, users of the Internet would never again have to punch in another username/password to access a Web service or log in to a site of any type.

It's safe to say that most people wholeheartedly agree that usernames and passwords are annoying, difficult to remember, not very secure in the long run and that their time has probably come and gone. The problem is this: Do we have anything better?

Denver-based Ping Identity, serving as host of this year's Cloud Identity Summit here at the Monterey Conference Center, says yes. Google, PayPal, Microsoft and others also say yes; in their eyes, the answer involves something called federation.

Federated Authentication is the Key

Federated authentication is the use of two or more previously vetted, trusted third parties that have already verified the user's identity; this also is called multi-factor identification. An example of this would be when a user is subscribing to a new service on his/her phone and a screen comes up asking: "Do you want to sign in using your Facebook or Google+ ID?"

To add another wrinkle to this new-gen identity management approach, Ping Identity on July 21 unveiled a service called PingID, a cloud application that enables clients to use their smartphones (another previously vetted authentication factor) to verify their identities when logging into a Web service.

Based on intellectual property obtained in the March 2014 acquisition of an Israel-based company called Accells Technologies, PingID lets users authenticate with a single swipe of their device’s screen. No other security company has this feature.

Twelve-year-old Ping specializes in cloud-based security software for identity and access management that enables users to access software-as-a-service apps such as Box, Dropbox, and Google Drive with a single login. Ping's software is also used by financial services and health care providers to allow customers use their Websites without having to deal with multiple login pages.

Using the federation approach, PingID thus adds a second layer of security in doing away with passwords. If required, the app also can add other layers, such as personal-information questions. It also has a location feature that can block login attempts from specified areas.

Ping Identity Competes in a Tough Sector

PingID, as well as updated versions of other company products--PingFederate, PingAccess and PingOne--are all available now.

Ping Identity competes in a sector that includes highly respected independent vendors such as Centrify, Okta, CA, NetIQ, OneLogin and several others. Larger IT providers, such as IBM, HP, Oracle, Cisco Systems, Dell and EMC, all have their own in-house identity authentication solutions.

More than 900 security developers, architects and administrators are in attendance at the CIS conference this week. OpenID Foundation and Exchange Executive Director Don Thibeau told eWEEK he considers CIS "the largest and most important digital identity conference in the world."

Ping CEO Andre Durand, who has seen the conference grow steadily in attendance in the five years it has been held, told eWEEK that "we have to secure a digital world growing in volume and importance."

"Fifteen years ago we didn't talk much about our 'digital persona,'" Durand said. "Today it's pervasive and becoming more so over time. We need a way in which we can be secure in this new digital reality, and also not kill ourselves in the process."

"Killing ourselves" with security, Durand explained, means security that is felt and experienced everywhere, all the time. "This is not necessarily the world we want to live in," he said. "We won't want to be at check points, or waiting in line--physically or virtually. The trick is to leverage technology to build security that is seamless."

Google Also Working on This

At the conference, Google demonstrated its new Authenticator app, which works on Google accounts and a few third-party applications. A Google security team member told eWEEK that Google is planning to go completely "passwordless" by the end of the year.

"We've been working on this for a while, and it works very well," the team member said. "I know some people are going to say 'What?' rather loudly when they hear this, but we're going to do it."

The Cloud Identity Summit continues through July 24.

Chris Preimesberger

Chris J. Preimesberger

Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 13 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...