Rooly Eliezerov is a serial entrepreneur in the digital identity space, currently the Co-founder of OwnID, the passwordless identity platform. Prior to OwnID, Rooly co-founded Gigya, which was acquired by SAP. Gigya leads the Customer Identity and Access Management (CIAM) market, managing over a billion digital identities for the largest organizations in the world. The book ‘The Digital Identity Crisis’ by Rooly Eliezerov was published by Wiley and Sons in March 2018.
In this superb interview, co-founder of OwnID, Rooly Eliezerov, provides a behind-the-scenes look at his new, innovative startup’s smartphone-based, biometric passwordless authentication technology. OwnID aims to transform how people log into their accounts, and to drive advances in the digital identity ownership arena.
Decentralized solutions like OwnID pave the way towards a self-sovereign identity and hyper-personalized user experiences. Discover how the identity management landscape is evolving, and see what the future might hold.
Tell us about the OwnID story
Dor and I, the founders of OwnID, are part of the founding team of Gigya, the Customer Identity and Access Management (CIAM) platform that was acquired by SAP in 2017 for $350 million. After the acquisition we felt that identity management is an unfinished business and that there needs to be a more transformational approach to identity. We joined forces with some other bright minds from Gigya and raised our seed round with the main Gigya investor Mayfield. So, the band is back together for Act 2.
Why biometrics as opposed to another sign-in methodology?
Our concept is that ‘the phone is the key’. In the same way my phone can unlock my car and house door, it can unlock anything else digital. Fortunately, phones are locked with a secure biometric mechanism, and therefore what we have here is frictionless Two Factor Authentication (something you have + something you are). We believe it’s much better than old school auth mechanisms like magic links, SMS code and definitely a password. Better means: easier to use and more secure.
Tell us about the technology behind the product?
We are utilizing WebAuthn and FIDO2. Therefore, our product is completely web based. It enables websites accessing the lock mechanism of the user’s phone (both iPhone and Android). But our product goes beyond the core technology. It addresses many use cases (e.g. phone temporarily not available, phone is lost, phone doesn’t support biometrics, user already has an account with a password etc.)
How do organizations add passwordless to their customer identity processes?
A big advantage of OwnID is the ease of implementation. OwnID is an add-on to a given site’s existing system. Sites that wish to add OwnID’s passwordless can keep their existing registration and login forms, and just add the OwnID button side by side with their password field, which enables the users to authenticate using their phone’s biometrics. If user is browsing their desktop or any other device, when clicking this button, a QR code will be presented, the user will scan it with their phone which will prompt their phone’s FaceID/fingerprint, and the desktop will be logged in.
What impact is the OwnID technology having?
Many more users register and login when they can do it with their phone biometrics. It’s just easier. See how it’s done on Nestle and Delonghi. These two of OwnID’s largest clients report an increase in both registrations and logins to their sites and are constantly deploying OwnID to additional properties around the globe.
What key principles do you think about in protecting your users’ data?
Our key principle is: don’t keep data in a single place, but rather, distribute it. Therefore, we don’t store any user data in our database. We don’t even have a user data base. Our technology keeps the user auth keys on the user’s phone. We place a public key for each user in the database of the website we are serving, and we match a signature that is generated by the user’s phone to the public key. For each website the user has different keys.
What business insights would you like to share with other business leaders?
Our business approach is adoption driven. We believe that elegant solutions are not enough. As a matter of fact, our product strategy is strongly influenced by the go-to-market strategy. This is why we chose to offer our solution as an add-on and not a reap-and-replace solution. We also believe in making everything as frictionless as possible – frictionless for the end-user, frictionless for the developer and frictionless even for the business decision maker. Whatever you offer should be the most sensible thing to do across all parties.
Your perspectives on the future of identity management?
In 2018, Wiley published a book I wrote titled ‘The Digital Identity Crisis’ where I cover all aspects of digital identity and where I think it’s headed. My conclusion is that personal data will continue to expand and create value, but to keep it private we’ll need to have a mechanism that enables each individual to be the owner of their digital identity, so each of us controls and knows exactly how her or his data is being used.