The Correct Identity — Implementing Executive Order 14144 (January 16, 2025) with No User Action

On January 16, 2025, President Joe Biden issued an Executive Order (EO) calling for the Federal Government to adopt proven security practices to enhance identity and access management (IAM), improve visibility into security threats, and strengthen cloud security.  While the Executive Order sets forth a commendable vision, we believe the call to adopt proven, existing industry practices is unusable and impractical, as no such proven practices currently exist. The industry has not succeeded in effectively guarding against cyber threats.

Instead, consider leveraging WinMagic’s approach—perhaps unfamiliar to you and therefore deemed unproven, yet built on the right foundation with the right thinking: a revolutionary, all-important identity-centric concept. This practice offers a level of security superior to any method currently known, with an even more remarkable advantage: no user action is required. Unbelievable? Right, it’s unbelievable. We understand your skepticism. Allow us to explain!

Executive Order 14028 idealistically required continuous verification of users and devices for every application and transaction. If we could have achieved that, then no attacks would have been successful. The industry was unable to implement this, partly due to a fundamental misunderstanding of the concept of “identity.”

  • Verifications happened, but not accurately. It is very difficult to verify accurately a user online.
  • Continuous verification of user implies user needs to do something often or continuously. Clearly this is not feasible.

As a result — not only does the industry not “continuously” verify the client, but it also uses Single Sign-On (SSO) – actually the opposite of continuous verification – to reduce user’s burden.

WinMagic’s big idea – we believe this is what the industry will adopt, now!

The industry emphasis on “Identity First” suggests verifying identity before granting access.  However, it fails to ask the foundational question: Whose identity are we verifying? 

Redefining Identity: “User on Device”

WinMagic challenges the status quo by redefining identity to include “user on device” instead of user.  Our approach clarifies what identity we are targeting and addresses the shortcomings of current solutions.

  • This identity concept binds user to device making the identity accurately verifiable – and thanks to public key-based cryptography, secure against attacks for many years including AI threats.
  • The endpoint verifies the user, accurately with endpoints’ local MFA. More accurate compared to a remote server and mostly free from AI attacks.
  • Because the endpoint performs the authentication of the identity “user on device”, it can happen often – continuously/always. With no user action required and the method relying on public key cryptography with user and device bound passkeys, the solution is inherently phishing-resistant—effortless and straightforward.  But that’s not all—the concept offers much more than just phishing resistance.
  • The quest for the identity “user on device” calls for the integration of endpoint access and online access. The endpoint is managed and protected by the server by default, independent from any online access.  The persistent connection between the endpoint and IdP serves as a trusted channel like the phone number in the back of a bank card.  Applied to cybersecurity, this proven real-world banking approach will elevate the solution above all others, ensuring an unmatched level of security, even to the extent that hackers cannot get access no matter what.

The Way Forward

The Federal Government’s Executive Order rightly underscores the importance of adopting security best practices.  However, to truly secure against evolving threats, we must move beyond what’s “proven” today and adopt what’s correct for tomorrow.

WinMagic is leading the charge with a solution that fulfills the Executive Order’s vision and elevates it: always-on, no-user-action authentication that delivers uncompromising security and seamless usability.  The industry must follow this direction—or risk remaining vulnerable.

Ready to reimagine cybersecurity? Join us in leading this transformation. Together, we can make security effortless and effective for everyone.

Previous Post
WinMagic Releases Open Letter to IT Security Thought Leaders
Next Post
Freeware Released: Securing SSH Access with MagicEndpoint’s FIDO-TPM Innovation
keyboard_arrow_up