Why Woven?

Woven eliminates passwords and ensures that the person accessing your critical business data is REALLY your employee and not some hacker using their stolen credentials.

 
 
 
Artboard.png
 
 

 Problems with Passwords

Hacks have increased across businesses of all sizes , resulting in critical data breaches and other internal issues. Studies show that 81% of all data breaches are the result of a compromised password.

 
 

Password Theft

Passwords are outdated, ineffective, and expose businesses to tremendous risk. And over the 55 year history of passwords there have been multiple attempts to fix passwords by putting on different types of bandaids. And every information security professional in the world will tell you that passwords are the problem, not a solution. So why are we still using them?

Data Breaches

81% of all data breaches are the result of a compromised password. Hackers getting more and more sophisticated and solutions like 2FA are not effective. And the percentage of data breaches due to a password compromise just keeps going up. In 2013 it was 37% and now more than 80%, despite all of the two-factor authentication solutions.

Phishing attacks

Hackers continue to rely on a tried-and-true method to steal personal data and rip people off--phishing attacks that follow current news and trends. And now you have to worry about real-time spear phishing where hackers are smart enough to ask the user for their 2FA code, collect it, and use it — all within 120 seconds.

Wire fraud

Wire fraud is $30 to $50 billion annually. Wire Fraud is an epidemic that is reaching historic levels here in the US and across the world. And wire fraud depends on identity theft or impersonation to be successful. You get an email from someone providing the wiring instructions for when to send money and you assume it’s real and you wire the funds to the wrong place. Now what?

Identity Theft

Identity theft is $17 billion annually. New privacy laws require user consent for use of PII, but fail to require a way to attribute human identity to the online user for identity-verified consent. The big irony here is that many businesses actually have a legal requirement to verify your identity at some point in the business relationship. Banks for example must verify your legal identity before they open an account for you. But having done that, they give you a username and password to use online. The value of the identity verification is lost.

Tax Fraud

Tax fraud is $1.6 billion annually. And actually that’s the amount that the bad guys actually get away with! Tax criminals try to short-cut our legal filing efforts, using a variety of scams to steal personal info and tax identities in order to file for fraudulent refunds. All because there is no such thing as a verifiable online identity that can verify who is logging in instead of what they type for username and password.

Social Engineering

How do you verify the identity of a person on the phone? No matter what you do to secure systems and accounts from a technical perspective, most are still vulnerable to social engineering attacks where someone on the phone (or even in person) convinces you that they are the account holder. In fact, in the financial service industry call-centers are spending more than 20% of their call time doing identity verification.

Bad user experience 

How much thought do users really give when they key in their username and password while making an online transaction or accessing online banking? Not much. Internet attackers are using sophisticated tools to gain unsolicited entry into computer systems all over the web, and currentsecurity systems are finding it difficult to keep up with them.

 

Why Other Solutions Aren’t “Good Enough”

We talk to companies every day who say, “We don’t need to make a chance, what we are doing now is ‘good enough’”. We want everyone to understand that this simply isn’t true. “Good enough” is the philosophy that got us into this mess to begin with.

 
Info-1.png
 
Group 1@1x.png
 

Phishing is the #1 Threat
Phishing attacks and pretext attacks represented 91% of incidents and 93% of breaches in recent studies. Any identity solution that leaves you even a little bit vulnerable to one of these attacks isn’t good enough.

 
 
 
Group 2@1x.png
 

Passwords are the Problem
The goal of a phishing attack in the consumer world is frequently to steal Personal Information (PII), but in the business world the goal is generally to steal your password. Business Email Compromises (BEC) cost companies in the U.S. more than $12.5 Billion last year alone. Any solution that doesn’t eliminate passwords isn’t good enough.

Info-2.png
 
 
Info-3.png
 
Group 3@1x.png
 

Ignorance is not Bliss
Sadly there aren’t any real statistics on how long it takes a business to know that they have been compromised. When you’re email passwords have been stolen, it means that the bad guys can know access your email account, and hackers are patient. Their primary goal in these cases is “intelligence collection”. They are literally just reading your email until an opportunity presents itself. Just because you don’t think you’ve been compromised doesn’t mean you haven’t.

 
 
 
 
Group 4@1x.png

2FA Isn’t The Answer Either.
Even two-factor authentication (2FA) doesn’t solve this problem. Remember that the specific name for this type of authentication where you type in a 4-6 digit code as a second authentication factor is “Time-Based One-Time PASSWORD”. It’s another type of password that is short-lived, but that simply means that hackers need to (a) know to ask you for your TOTP code; and (b) use it within 120 seconds.

Info-4.png
 
 
Info-5.png
 
Group 5@1x.png
 

Real-Time Phishing Attacks
And so, real-time phishing has become a thing. Because as long as the solutions we are using have any kind of vulnerability whatsoever, the bad guys are going to find it and exploit it.

 
 
 
Group 6@1x.png
 

How Can Employees Know
You’re employees are faced with this every single day. You need a solution that eliminates the risks and replaces passwords with an easy-to-use user experience that makes it clear to the employee that they are safe. Woven makes it so that your employees CANT make a mistake that compromises your security. You can’t accidentally give away a password if you literally don’t have one to begin with.

Info-6.png
 
 

Efficacy of Today’s Verification

Not a single online transaction today has verifiable identity associated with the user involved.  That’s because systems use only usernames, passwords, and 2-factor authentication ─ but don’t actually verify the user’s identity to begin with. And compromised passwords are responsible for 81% of all enterprise data breaches.