Most organizations still do endpoint security the old-fashioned way – having users of PCs, smartphones, tablets and Chromebooks logging in with a username and password. Many companies even go so far as making users change their passwords every 3-6 months to theoretically keep them safe from identity theft. But despite this effort, which often annoys the end user and creates a lot of help desk calls for forgotten passwords, it is costly for the organization and is not that much of an improvement. Our research shows that the cost of continual password changes over a three year period is between $1011 and $1272 per user per app access ("Your PC has an Identity Crisis", J.Gold Associates, LLC., Copyright 2016). Given that most organizations have hundreds or thousands of apps and many users for each, the costs associated with this is staggering.

Besides the high cost of constant password changes, login credentials do little to help secure the organization. Identity theft is the number one way that hackers attack and penetrate "secure" corporate systems. And data breaches are expensive. According to the IBM/Ponemon Cost of a Data Breach Report 2020, the average worldwide cost of a data breach was $3.86M, while the US had the highest cost at $8.64M.

Some organizations have moved to a biometric approach to user identity management, assuming things like fingerprint scanners or camera-based facial recognition represent a step up in protection. But often, this technology is no better, given the unreliable results for the user when interacting with the biometric device, and/or the potential of hacking the central data store of biometric signatures necessary to make biometrics work. Further, most biometric systems are device specific, so users with multiple devices have an increased level of exposure. Finally, some policies and biometric products that organizations have deployed are so annoying to users that they bypass it all together, essentially making themselves an even bigger target, and exposing the organization to increased risk of breach.

What's needed is an entirely new way of securing access to devices and corporate systems that eliminates the need for username and password or biometric identification so as to greatly reduce the possibility of identity theft and unauthorized connection to systems.