So if I could just start by asking each of the panelists from here to introduce themselves a little bit and what they do, why they're here, what they like, favorite hobbies, that sort of thing. So please, after you.
Sorry, I've already forgotten people's names. So just quickly introduce myself. I'm Lana. I'm based in San Francisco, California. Work at Okta for the last five and a half years. I'm a senior principal, technical program manager, and I've been responsible for leading a diverse portfolio, federal security, making sure our products parity with the federal security standards as well as endpoint security enhancements. Partnering with our IAM team, Okta on Okta, to launch some innovative products such as an Okta Identity Engine and FastPass passwordless authentication.
My hobbies, I spend a lot of time playing tennis and pickleball. This is kind of going viral right now in San Francisco, so I enjoy doing that.
And, yeah, hanging out with my friends. Enjoying the Bay Area, so that's a little bit about me. We'll pass it over to...
Okay, great. I don't know if you play paddle here or pickleball, but, yeah. So my name is Joost van Dijk. I work for Yubico, the creator of the YubiKey. My role is a developer advocate, so I help customers integrate their software with ours, and that software is concerning authentication, so different kinds of authentication, but I'm focusing primarily on FIDO. We're also involved in wallets, so lots of interesting conversations here at this conference.
Well, if we're doing the hobby thing, I'm a sailor, and for the rest, my hobbies change every year. All right, good morning. I'm Marco Venuti. I'm Italian, but I work for different corporations and startups in the identity space for the last 20 years, including Novell, for those of you old enough to remember that name, IBM, and now Thales.
At Thales, I'm a business acceleration director, which is a fluffy title for somebody which is really looking at building our system integrator ecosystems of capability in the market in the various geos. And again, at Thales, we do a lot of things around the subject we covered today, but again, that's what we talk later. Hobby-wise, I'm a runner, okay, like long-distance running. That's what I do whenever I can, including here in Berlin, which is a very nice place to do that. Thank you. Dominic Forrest. I'm the CTO of iProof.
I joined iProof when it was founded some 11 years ago now, which feels like a lifetime, probably because it is. iProof, for those who don't know, is the world's leading liveliness company. We work with banks, governments, regulated entities, and corporates globally to strongly authenticate people where you really, really can't afford to get it wrong. So that can be about crossing borders, issuing visas, opening bank accounts, or if you're MGM, maybe trying to reset passwords for the right person rather than the wrong person. I am going to do it for hobbies.
10 years ago, I said I skydive all the time. Now my wife would say I spend far too long playing chess. My name is Ulrich Herberg. I'm a distinguished architect at eBay. I spent most of my career in the Bay Area and just last year moved back for family reasons, but also career reasons. Why am I here? First of all, I want to learn more about wallets. That's certainly a topic that interests us a lot. The other reason is that I'm building up a new engineering hub in Berlin, and I'm on a recruiting spree. So if you are a software architect in identity and want to work for me, please reach out to me.
At eBay, one of the things that I've worked on in the last couple of years is advising our identity teams on implementing strong customer authentication, PC2, guiding us in moving to a password-less future. I will also have a talk where I outline our journey later today, so if you're interested, come by. On hobbies, I like to bike and I like to ski. My wife is not a big fan of that. I broke my left leg on biking seven years ago, my right leg on skiing one year ago, so maybe I should pick some less dangerous hobbies. Try chess.
So, yeah, I've heard vendors give pitches before sitting on a panel, but I've never heard anybody recruit sitting on a panel, so this is a first for me. I'm Matt Brzezinski. I am a senior director of product management at Ping Identity. I've been in identity management long enough to know Novell, long enough to know CI proof get founded, you know, all these things. I have all the gray hair to prove it. I manage our product portfolio for the EMEA region, for the Ping Identity stack. I'm really excited to be here.
My history goes back to biometrics, so, you know, the presentation beforehand was we think passwords are still going to be here. I'm actually at the point where I think we can get rid of passwords, but I was there in 2001 running around a trade show with a t-shirt that said forget your password, so it's been a long battle with a lot of scars, so that's where I'm coming from. As for hobbies, I have a 4-year-old and a 2-year-old, so my hobbies are running after them.
The thing I do to relax is I'm from Manchester, England, but I lived in the states for a long time, so now I'm getting used to dealing with the rain, and so when it doesn't rain, my hobby is to go walk outside because it's like the short period of time you get to do it where I live is amazing. So, walking and chasing after my kids, those are my hobbies. Great to be here.
So, I guess, you know, based on some of this over the last two days, this conference, if you like, I'm sure we're going to mention wallets, but back to you. Yeah, yeah, you just stole my thunder because I was going to say, has anybody heard about wallets and a digital identity? Because I think we have to take that into account that that is, you know, going to be the biggest, newest trend in identity and authentication, and I also think, you know, I made the joke in my introduction that I've been trying to beat the password for 25 years.
I don't think it's going to take that long for us to adopt wallets, and with technology partners like iProve and other people who can do verification, we're going to have verified identities, which is really going to help that authentication problem. Beyond that, though, the last person talked about Fido, and we'll talk about this later on in this panel, but I think one of the big trends that we're going to see is how do we bring to bear all the new authentication capabilities?
How do we make it possible to go passwordless for people who aren't as tech savvy as everybody sitting in this room who has a mobile phone and a laptop? And being able to have those types of orchestration types of capabilities is going to be really paramount to moving into the next step of authentication. Doctor? So I agree with you, Wal, it's certainly a hot topic. I'm also very interested in passkeys. We've seen it in the previous presentation. I hope they will get rid of passwords, hopefully sooner than I think.
We've introduced passkeys at eBay as one of the earlier adopters, I would say, at least of the bigger tech companies. We've seen a decent growth, but it's still, and I don't know the current numbers, I would say about 10% of our users use passkeys. It's not where I would like to be. There is a lot of education, I think, that still needs to be done. A lot of people don't know what a passkey is, how to use it, what the benefits are. We're a little hesitant of enforcing two-factor authentication on all of our users, as much as I'd like to, besides the European sellers where we are required to.
Apart from passkeys, there are certain other authentication factors that I see growing. Biometrics, both local, to unlock on your phone, to unlock the passkey, or other types of keys, as well as end-to-end. They have their own issues with end-to-end privacy. Then we have behavioral authentication factors. We use those as well at eBay, at least as an addition to authentication factors, as an additional signal. How is the user using the page? How do they navigate? How do they move the mouse, enter the keyboard, as well as device binding?
Is this a device that the user has previously logged on that's a good signal that it's maybe more secure, together with challenge response, maybe, to make sure it's the same device? At eBay, you must be one of the largest holders of passwords in the world. I've noticed that you, as a user, it's now actually a lot easier just to log on and forget your password because, like you say, you can use another factor. Just quickly, do you have any usage on how, if people are starting to think, oh, I can't be bothered to keep loading my password. I'll just forget and then use my phone?
So, the forget-your-password flow is still, unfortunately, people use it a lot. So, our success rate of password sign-in is about 70%. That's not great. It means a lot of people, it could be just typos. People type it in wrong.
Of course, we have attackers, too, that try to brute force those. But those aren't even very dominant.
So, it's still a major issue for us. And what else do you use to research your password? I think that's one of the crux with all passkeys.
I mean, as secure as they are, the forget-your-password flow is often the weakest link. It doesn't help if you have the most secure passkey. If someone just enters the birthplace or the mother's maiden name, things that can easily be found out. We don't use those at eBay, but a lot of companies do. Thanks.
Dominic, yes, you wanted to come in. Wow, 70%. I was going to say something completely different, but that number has just blown my mind. Even 30% of password attempts are wrong. That is just a crazy number.
Anyway, the great thing about this question is there's no one answer, so you can't get the answer wrong. Because my view very strongly is there's an awful lot of authentication technologies out there, and I'm going to be controversial. I think all of them have their place, to a greater or lesser degree, even passwords.
So, I don't think we'll ever get rid of passwords. And I don't think they ever should completely get rid of passwords. But what's important is choosing the right technology for the right use case. If I put in a password and what I'm going to do is somebody's going to see my bank account balance, to be honest, they're welcome. If they're going to transfer my bank account balance, then I want something very, very strong. And I guess, really, one of the questions I always ask around these technologies is, what are you actually authenticating?
Are you authenticating the user, or are you authenticating the device? Because so many of the technologies are just really very strong, great, widely used, and growing, and I think that's a good thing. But if it is a private key sitting on a phone, then what you're really doing is authenticating the phone, not the user. And I think sometimes we forget that. We talk about authenticating users, but more often than not, we're authenticating devices.
And sometimes you have to be at the stage where you really want to know who it is you're not authenticating, not what it is, because it's not the laptop or the phone that's going to end up in court if something goes wrong. That's an excellent point, yeah, about, you know, you're authenticating a device as much as anything.
So, yes, sorry, I've lost my – Marco, yes. I've got, like, in my head, I've got numbers above your head, you see, little red numbers.
So, Marco, please, number three. Right, so the question was around trends. So maybe I will repurpose the trend into what's coming after, what we're already assisting in terms of transition. So maybe more about innovation, again, because, of course, password is there to stay for a long while and very much like your analogy, 2001, and you were already there. So the transition out of password is very, very slow.
I mean, slow like continental Greece, slow, really slow. Okay, so it's taking forever. So password is the new mainframe. It's going to stay with us for a long while.
Meanwhile, though, the form of authentication, beyond what we currently look at, is something that's very passionate.
As we at Thales, we do identity, but we do also data application security, and we do a lot in aerospace and in other industries, which is bringing us into new forms, such as brain-computer interfaces, which is pretty interesting because it's a biometric, but maybe also a behavioral form at the same time, because to this day, this is something you need an headset and is a continuous form of authentication that is involved into now flying a plane is new with you because your brain is detected and recognized as such. To do that today is a big thing, but it's becoming smaller and smaller.
In a few years from now, it will become as big as our airports are, and it will eventually become embedded, probably, or part of our biology ecosystem. So that's an interesting thing, and I think that will be part of the continuous authentication transition. That will be the next thing, probably. That's just one example, but it's already here for those of you wearing a smartwatch with a heartbeat detector. You already have a form of continuous authentication with you, which is also something probably coming.
And then maybe I can stop here just not to do all the talking with an Italian accent, but there's more to say about this, and maybe another interesting thing. I don't know if any of you heard about the so-called fuzzy extraction. Another interesting thing. Fuzzy extraction is when you use biometric, not to unlock a device, which is what we use that for, or to walk to the gates in the aircraft, but rather to generate your key. So you're basically shazaming your biometric feature, the face, the fingerprint, to be the mean of key generation. That's pretty interesting.
It's not yet there, very widely distributed in terms of commercial form. I find that interesting, totally unbiased. We don't do that at Thales. I'm just bringing it up because I find it very cool, just for full disclosure.
Not yet, at least. But this is probably among those emerging approaches to authentication coming up in the next few years. I love your accent. It's fine. I can keep going another 15 minutes. Joost. Yeah. So I think the main trends are already mentioned. I think obviously wallets and another one is, I think, pass keys, although that's not really a new technology because it has been around for some time. But I do think what strikes me is that the uptake of pass keys is really taking off now.
I was reading this Google blog last month where they said that they have now 1 billion pass key, 1 billion pass key authentications within a year, over 400,000 users with pass keys enrolled. So those are impressive numbers, I think. And two weeks ago, I was doing online groceries and I was really surprised that my online grocer asked me if I would replace my password with a pass key. So now it's really getting mainstream. And that is a very nice observation, I think.
And then another thing that many people may not know is that if we're talking about pass keys is that they're getting established, but it's not that the development has been finished. So the specs, the pass key specs, like most importantly, the WebAuthn spec and the CTAP spec, they're continuously being improved. So there's different versions and there's new versions coming out. So I expect some innovation taking place there. And we just released new firmware in our YubiKeys, for example, to be on par with the latest versions of those specs.
And I expect that these new features will be incorporated in applications soon as well. And I won't go as far as recruiting people in this panel, but I do want to do some self-promotion about wallets and FIDO, because I'm giving a talk tomorrow about the relation between wallets and FIDO. We think these two technologies go great together. And so this is wishful thinking that this will be a trend soon.
Okay, well, we can come back to wallets in a minute. But Lana, I don't know if there's anything left to say, or I could give you a different question.
Well, I guess I'll just mention one. Yeah, you mentioned a lot of relevant trends. The one that I'm quite interested in right now is the zero standing privileges that we are trying to implement as well, is essentially to reduce the persistent access to sensitive systems or data. So think about it as a time box access where you enable the workflow that gives access to the user for a limited time to perform the task, and then just reworks that access. It helps with other trails and also helps to reduce the internal threat, insider threat, as well as the other exploits, external exploits.
So I think that's quite an interesting concept that we're trying to introduce in addition to least privilege access. And then I guess the most interesting to me is the passwordless biometrics, magic links, security keys, adaptive MFA, federated identity management. So that allows you to access multiple resources and not to re-enter your credentials multiple times. So that's kind of bread and butter.
Well, I'm glad you mentioned ZSP because that's kind of like what I know something about, one of the few things I know something about. But I think that is the future for privilege access. And in fact, it's probably the future for all kinds of access because you won't have privileged accounts anymore. You'll just have privilege now and again.
Okay, so you're going to start. So you get the next question first of all. Biometrics is also talked about quite a lot and it's been seen as the sort of the solution for some time, but it doesn't yet seem to have really taken off apart from people use it on their phones. So what are the advantages and why hasn't it really taken off in the corporate world as much as you might have expected? Or has it taken off in the corporate world?
Yeah, it really probably depends. It definitely took off in our corporate world. We are almost 100% passwordless and phishing resistance authentication. When I think about the traditional authentication methods like passwords, they are reusable, weak, time consuming, and frankly annoying. So I think password manager is somewhat superior.
But still, if you think about recent vulnerabilities and drawbacks, it's still not an optimal solution. So there are quite a few advantages and benefits from using passwordless authentication. It reduces the IT cost for password resets, the credential related tax, as well as if you think about the business value drivers like time savings per employee. If you think about a traditional authentication that takes on average nine seconds versus the passwordless authentication which is roughly three seconds, and then think about the savings over time, it aggregates.
So I think there's quite a lot of cost savings that could actually benefit the corporate. And then the biggest one, if you think from the security benefit and perspective, is the prevention of the real-time phishing. So you're taking out the password as a factor and that's a great benefit to call out there.
I mean, biometrics, some people might think that there is an opportunity to steal your biometrics. And if you're worried about fingerprint lifting or things like that, I think the national state security agencies, they probably use much more advanced and higher assurance standards like FIPS UBKey or SmartCard, so I think you could add additional factors to protect yourself.
Okay, do you want to carry on with that or do you want another question? No, no, I can answer that.
I think, well, maybe this is more our perspective, but do we think biometrics is more a usability feature? And especially within FIDO where biometrics are, they always have a fallback with, so if you take a UBKey, for example, we have this UBKey bio, but if your fingerprint is not properly recognized because you're, for whatever reason, there's always a fallback to a PIN. So it's not as much as complimentary, it's just a usability feature.
And the reason I think that the uptake has been lagging behind a bit is it's also a bit education, because people don't really understand what's happening with their biometrics. So people are sometimes reluctant to use their biometrics, especially in a corporate environment where they think, well, my biometrics, that's personal and that's not for the enterprise. So they're more eager to use their biometrics for consumer applications than in a corporate environment.
So Marco, do you think people like passwords? I'm talking about actual end users, corporate employees, etc. That's why they haven't gone away, because they feel kind of comfortable. They don't like using, you know, their face. I don't believe anybody likes passwords, though.
Back to what you just said is indeed a fallback plan or an alternative measure in case you cannot use for whatever reason biometric means, which would be way more convenient, though there are many cases in many industries where you cannot rely only on biometrics, maybe because you are wearing a mask and because you are in healthcare or something, so that form of authentication is not applicable. Or you are in airtight manufacturing equipment and you are wearing gloves.
And we have a number of customers of that sort, and that defines a multitude of authentication means, depending on which part of the business process, which part of the organisation we're looking at. Low trust, high trust, internal, external. There are two dimensions that define the space of what kind of user you're looking at. Each of those four quadrants might end up with a different form of authentication, but you might be yourself as an individual user belonging to more than one of those quadrants, depending on what you're doing on a given day.
So password is definitely belonging to one of those low trust, okay, internal users primarily, but not necessarily only because of the slow transition that is still in progress. Okay.
So, Dominic, is biometrics absolutely watertight? I mean, I noticed on the iPhone that even if you wear sunglasses, it will still recognise you. Does that mean it's super great because it can recognise the real face around the sunglasses or not? I will do answer that, but I'm just going to ask for a very quick poll from the audience first, if I can. So would you put your hand up if you've unlocked your phone in the last week with either your fingerprint or your face? All right. Has anyone not unlocked their phone with their fingerprint or their face in the last week? Okay.
One, two, three. Five. I think that answers whether biometrics is being adopted or not question. So I think pretty much everybody in here is using it. Biometrics can be an exceptionally usable product. It's very important it is, but I will come back to the key differentiator. Biometrics is authenticating the person, not the device.
At the end of the day, it's the method which allows you to know that the individual who you are authenticating remotely, whether it's creating an account, whether it's authorising an account, whether it's just logging on, is actually the right person as opposed to being a person who's got access to those credentials, whether the credentials are a password that's been phished or whether it's a private key sitting in a secure enclave. I tell the story of discovering my daughter, who was 12 at the time, had had a fingerprint enrolled in my phone for the last year.
So every time I'd unlocked my banking app, neither I nor the bank knew if it was me or her. She wasn't doing anything malicious, but it's just a great example. People think about phone biometrics as being the same as cloud-based biometrics, and they're not. A phone biometric, when you unlock your phone, is saying that somebody who's authorised to unlock that phone is doing so. A back-end biometric allows you to know who that individual is, and that's a really, really crucial difference which gets missed far too much, in my opinion. Thank you. That's an interesting point, if I may.
Even the regulators see this very differently, this aspect. So, for example, as part of our journey to strong customer authentication, as you know, there are two different versions of the regulation, one for the EU and one for UK because of Brexit, and they have added on different opinions and guidelines after the fact. So the European regulator, the CSSF, for biometrics, they don't allow the local biometrics exactly for that reason.
I also, my wife has, I added her, so in emergencies she can unlock it. So who's to say that if there's a financial transaction, and I say, oh, it wasn't me, it was my wife, give me back my money. And so the CSSF, exactly for that reason, sees this critically. Is this real-life experience you're talking about? It hasn't happened so far. Whereas the British regulator, the FCA, allows the local one because of practical reasons.
It's just, it's happening. Yeah.
Yeah, you know, I've fought the biometric fight at least three times in my career. I always give up on it, and I always come back to it. And I think you guys have brought up a lot of great things about biometrics. The one thing that still sticks out to me is you'll go to your employer, they'll take a picture of you, put you on an employee badge, store that in their database. No one cares. As soon as you take a picture of your face or your fingerprint, store that in their database. You can't have my PII. And this is the problem that we see. It's the education.
I think someone else said education about biometrics and about what we're doing. And there's the fear that we have. And then everybody's like, yeah, I use my phone and that's great. But if I know your pin code, I can enroll myself on your phone. So now I can be you. And I've just really only authenticated the device again, even though I did it myself.
I think, you know, the panacea for biometrics, and as much as I really want biometrics to actually make it, is when we get to a really sophisticated digital wallet. So when you can enroll a biometric that is verified that it is you by the people that are enrolling it, and store it on your phone in a signed way that can't be tampered with, that has nothing to do with how you unlock the phone, but how you unlock the digital wallet, now I have server-side biometrics on my phone.
And you know, everybody, I think people, they might not even understand how much different it is, but hey, it's on my phone. And that's, that to me, is how we're going to see mass adoption of biometrics, is through the use of wallets, and doing it on your phone in that way. If I can just add to that, I mean, what you've just described exists today. I'm going to Identity Week next week in Amsterdam, from London, traveling on Eurostar. Sitting on my phone right now is my biometric. And on the day of travel, I'll click a button and that will upload into Eurostar.
And I will walk through UK Border Control and exit UK Border Control without talking to anybody, without stopping, just walking down the corridor. That's today's capability and reality.
Yeah, it's getting there. Yeah, absolutely.
I mean, I've worked on a lot of projects to do biometric airports, right? So you enroll the day before you travel, and you just go straight to your plane. So I've seen all that. And then the other thing I wanted to point out on, you talked about the security of biometrics and how you can always fail back to a PIN, especially on FIDO, right? And so at Ping Identity, we have great FIDO2 support. We have all this stuff, and we're going to go passwordless. And then we have banks and retailers and certain geos in the world that say, can't use that. I need to do digital signing.
And the reason they can't use FIDO is because FIDO, you can't turn off the fallback. So at the end of the day, it's a PIN. So with our digital signing capability, now they can enforce biometrics.
Now, it's still the biometrics on the phone, but they feel more secure that way, even though it could be your wife. I mean, my wife just has my credit card. It's a whole different thing. But that's what they're doing, and that's what they see as a difference. But it's still not server side. But they just are like, OK, I can't fall back to a PIN, so it has to be more secure.
OK, let's go back and do another quick poll. How many people have logged on to their corporate account using biometrics in the last week or so? So it's a little bit less.
Yeah, OK. Is there another microphone available, or are they all used up?
No, OK. I'm just going to open it up to the audience. If anyone wants to ask this excellent panel a question, you'll have to shout. No? Yes. If you could be really loud, that'd be great. So I'm just going to ask a question. I'm just wondering, what is the relationship between the risk of you really trying to protect against versus the kind of usability and other aspects of your device? My view is that the risk associated with a wrong person who's operating a device, they're trying to do something new. They're trying to do something certain.
I'm just wondering, do you think that that's a problem? I think the European regulators have got a problem. My personal opinion is I agree with you. The regulations, in my opinion, they have the right intent. It is to protect the assets, my financial assets, that, for example, you can keep on eBay or your banks.
However, they are very prescriptive. The regulations go into the technical details, such as this one, which goes beyond the intent.
And also, it doesn't age well. When the regulation came up, PSD2, Paskeys didn't even exist, or at least they were not widespread. So we always feel at eBay, and it's also my personal opinion, that the regulators, and I hope that with PSD3, they will go more in the intent and not so much the means. And this kind of question about end-to-end versus local biometrics is a very good example of this. Thanks for your question. There's one question down here.
We see an increasing number of use cases where employees are not allowed to bring their personal device or, in fact, any device into the workplace area, thinking trading floors or call centers or clean rooms or secure manufacturing facilities. Do you see any alternative to server-based biometrics for authentication in those sorts of environments? Or are we still going to be stuck with passwords for device-less, password-less authentication?
Okay, great question. Any of you willing to answer that? I think people assume what my answer is, so does anyone else want to answer it first?
Well, in my case, we assist to that, indeed. And then going back to cases that we assisted over the last year, where the wearable was part of the solution, okay, though not biometric in this case, of course. And the reason why I brought up before the Shazam example, the biometric, meaning key generation out of biometric features, which is a server. It's not even a server match, because we've been talking a lot around device match versus service match.
What I'm talking now is key generation out of biometric features is, in my opinion, and not incidentally, primarily devoted to B2E cases more than consumers, okay, because there is a lot of trust involved in the mechanism to extract and store the key. But this is maybe why I would assume that something inevitably going to be increasingly popular in the next 20 years.
Okay, so depending on what is the pace of adoption. Please tell me we're going faster than that, please. It can only be faster than that.
I mean, passwordless has been killing me. I love your line, password is the new mainframe. They're always going to be here. I think the other thing that we need to think about is there's going to be a ton of new technology that comes out. Just the things that we're doing today, we weren't even really thinking about six years ago. The way wallets have gone so fast compared to other things is amazing. The ability to get those authentication capabilities to the right people in the right environments, because there is no one authentication technology that works for everybody and everywhere.
That's where I think we have to start thinking about how do we provide these technologies to people based on their context, where they are, or based on what their devices are, or based on their physical capabilities. And that's, I think, going to be what enables us to move to advanced authentication techniques as they come out a lot faster, if you have that infrastructure that allows you to do that.
It's interesting, actually, because I think on the stand this week so far, I've been asked more about device-less access to areas where you can't take devices in than any other single subject from airlines, from manufacturers, from finance institutions, from governance institutions, and it is really a growing trend, I think, at the moment. It's been a very surprising number of conversations in that area over the last few days, and in some areas where, you know, some types of organizations and sectors where I wouldn't have expected it. Thanks. Is your question quite quick?
Did you have a question? Yes. Is it quick?
Okay, fire away. I'm worried about your deployment of BASKETS. You shared two numbers. One was the 10% adoption of BASKETS so far, and the other one was the 70% success on password authentication. I would like to know, to complement that, if you would have a success rate on authentication on BASKETS, and if you have an idea of why the uptake of BASKETS in your case is… Okay, that's quite a long question for a quick question.
Yeah, so we see about, I think, upper 90s, 97% or so success rate on BASKETS, which is a lot better than 70%, obviously. And we also see the time to complete this authentication is reduced in half, so instead of six seconds, we see that in about three seconds, another big benefit.
Okay, well, we've taken your time. All the panellists will still be here, so if you want to grab them and have a more in-depth conversation, that'd be great. But we have run out of time, so I want to thank an excellent panel.