Hi, welcome to the webinar, best of Both Worlds Combining MFA and Past Less Authentication. Today's webinar is supported by Intrust, and my name is Alejandro L. I'm a research Analyst at ER Cole, and today I will be joining Rohan Rames. Hi Rohan.
Hey Alejandro. Nice to be here.
Rohan is the director of product marketing at Intrust and we will be discussing the various types of MFA based attacks and how to combine MFA and Passwordless authentication to improve security. Thank you, Rohan. Look, looking forward to it. Okay, so before we begin the webinar, here's some important information. All of you are muted, so there's no need to mute yourself or unmute yourself. We are controlling these features. We are also gonna be conducting a few polls, so I encourage you to participate and at the end of the webinar we will have a q and a session. You can enter questions at any time using the go to webinar control panel. We are gonna be recording the webinar and it will be made available for download in the coming days. So the agenda for today, I will begin the webinar by introducing some of the most common MFA and password related challenges that many organizations face. And then I will explore the concept of password related authentication. Then Rohan will begin his presentation and then at the end we'll have some time for a Q and a discussion. So here's the first poll of today. The question is, does your organization offer passwordless authentication, MFA and or risk-based authentication for consumers? Yes or no? I'm gonna give you guys around 20 more seconds and then we can move forward.
Okay, let's continue. So first we have some of the, oops. First, we have some of the passwordless authentication trends that we observed in our latest research. The first one is passwords are still widely used and they will not quickly disappear. A lot of websites today still only provide usernames and passwords for authentication. However, we see a trend towards utilizing passwords authentication, and we also observe a significant uptake in enterprise use cases. But with all the legacy applications and systems in place that still expect passwords and instead of supporting federation protocols, we won't be able to see complete elimination of password of passwords just yet. However, the password authentication market will continue to grow rapidly. Our analysts predict that the compound annual growth rate goes up to 31.1% leading the market to reach 6.6 billion US dollars by 2025. In addition, password ation, we likely gain momentum in the enterprise based on the evolution of supporting in enterprise grade management of Fido keys.
In addition, we can also see that the growth of e-commerce and the continuing shift of hybrid work will contribute to further adoption of pathless technologies. So why go passwordless? I think it's important for us to address why passwords are failing as an authentication method. We all know that passwords are inconvenient and insecure. Passwords can easily be guessed, stole or compromised. And number of studies have shown over the past few years that most data breaches involve the use of stolen credentials and compromised passwords in additions. Passwords are also very costly and they're very difficult to manage for organization and in many cases, employees and users use or reuse similar passwords across different platforms, which increases the risk of password based attacks. I believe Rohan will talk more about this later, but MFA fatigue and MFA legacy solutions are also some of the main challenges that organizations face today. Legacy MFA solutions still rely on the password as a backup or as a first factor of authentication. Traditional MFA solutions require users to provide two or more factors in order to be authenticated. Unfortunately, some of these factors are prone to phishing attacks such as SMS codes, voicemails, voice calls, I'm sorry, push notifications, and one time passcodes.
So by removing the risk associated with passwords and adopting a passwordless MFA solution, organizations could prevent password based attacks and increase the overall security posture of the organization. Here are some of the most common types of attacks and here at topping your call, we strongly believe that fostering a cybersecurity culture is essential. Organizations must understand the threat landscape, they must know what the cyber criminals are doing and they must support, they must cease supporting legacy authentication methods.
We also understand that there are different flavors of password authentication and there are different views on password authentication, but we define password authentication as a term used to describe a set of identity verification solutions that remove the password from all aspects of authentication and from the recovery process as well. Passwordless authentication solutions means that there is a strong MFA and no password or password hashes are traveling over the network. Here are also some of the main capabilities that we believe are essential. This includes support for a broad range of authenticators, strong authentication risk, adaptive context-based and continuous authentication, which is a very important aspect that I will explore in the next slide. Adaptive and step up authentication support for legacy application and services. Strong cryptographic approaches. Integration with third party authentication device trust on multiple devices, support for all major identity federation standards and a comprehensive set of APIs. We expect solutions to cover most of these capabilities, at least at a good baseline level.
So risk adapt, risk adapt, adaptive authentication. It essentially describes the process of gathering additional attributes about users and their environments and then evaluating those attributes in the context of risk-based policies. The main objective of risk adaptive authentication is to provide the appropriate risk mitigating assurance levels for access to sensitive resources by requiring users, users to further demonstrate that they are who they say they are. MFA and risk adapt, adaptive authentication can go hand in hand risk adaptive authentication systems can leverage MFA methods for, especially for those cases where they do sense that something is amis in the reque. In the request context, risk-based MFA can significantly reduce fraud and strengthen the security posture. During my research on past authentication and especially during the leadership compass risk, adaptive authentication was one of the capabilities that stood out to me in entrust identity and I'm sure that Rohan will talk more about it later. Here are also some of the factors that are evaluated by risk adaptive authentication engines. This include geofencing, velocity, device history, device health, and this is just short list, but there are many, many more options available. Organizations have different needs and requirements when it comes to adopting a password solution. So although there are different flavors and different views on password list, organizations need to carefully analyze their business needs in order to choose the right password solution, the one that shares their view on user experience, security and technology stack. So it's important to
To consider talking with advisors in order to understand how to better integrate a password solution with your existing infrastructure. So in the next slides I'm gonna talk about the leadership compass that we published in October of last year. Just to provide a a summary on the main capabilities that we were looking at. Some of the things that we took into consideration.
And in this evaluation criteria we considered account recovery as one of the main elements because there are some solutions out there that do not facilitate users when, for example, they lose their device or their phone or they lose their account solutions must make it easy for users to recover their account. We also looked at architecture and deployment. Those solutions that are based on microservices and the ones that are flexible are considered to be more desirable. We also looked at authenticator support, of course, APIs device trust, which is a very important element. For example, if you have multiple devices, you need to make sure that they can perform the, I think we're gonna, we're gonna have to edit that device. Trust is another element that is very important to look at. For example, when you have multiple devices, they should all be trusted and authorized to perform certain tasks. We also looked at I am support and how solutions can facilitate the transition from legacy systems to a more modern authentication system. And then the last one was scalability and modern solutions must be able to keep up with a number of customer supported. For example,
Here are some of the
Dimensions that we rated, some of the categories this include security functionality, integration, interoperability and usability. Of course usability takes a look at the user experience. And additionally we also have innovation, market ecosystem and financial strength. So these are the dimensions that we undertook when evaluating all the different vendors. In total we had 24 vendors in the leadership compass. Of course there were some that were stronger in in the market category than in the innovation for example. But there were some cases with very small companies that were very strong in innovation, but let's say not very strong in market.
And to better understand how we ranked all these vendors, we had different categories of leadership, product leadership that looks at functionality and completeness of the product. We look at the market leadership, which looks at the partner ecosystem and the number and geographic distributions. We also looked at in innovation leadership that explores more the capabilities that solutions provide and some of them have different approaches to passwords that are quite innovative. And then the last one is the overall leadership. And then the next slide you will see the overall leaders in the market. And like I said, there are 24 vendors and during the research we realize that this is a very competitive and dynamic market. Many vendors are excited to show their products and their capabilities. And as the market continues to grow, we expect to see more competition and innovation in the market. And for example, here we see entrust as one of the overall leaders and the overall leadership rating is the combined view of product innovation and the market leadership. And here's a spider chart of entrust and these are the categories that I mentioned in the first slide. AmTrust has very, very strong rating in scalability, in AM support and device trust, and also scoring very well in the other categories.
And the second poll, how many passwords do you still have in use in business? First option is one to 10, the second option is 11 to 25, and the last option is 25 to 50. I'm gonna give you guys about 20, 25 seconds and then we can proceed. Okay, let's move forward. We believe that's now Rohan's time to talk about MFA and PAs the floor series.
Perfect, thank you Alejandro and thank you for your time everyone. So we'll just talk a little bit about some of the MFA and posts attacks that we're seeing in the, in the news recently. But before I go there, let me just give you a quick background about who entrust is and what we do. We've been in the business for over 50 years, robust set of global partner ecosystem with about thousand plus partners, over 850 million in revenue and 44 global offices. We're, we're pretty strong in the identity space. We have over a hundred million plus protected workforce and consumer identities. We support everything from workforce to consumer to citizen use cases as well. So you'll see here from a, from a citizen perspective, over 200 countries, nationalities have their citizen identities verified. We're also in the payment and financial card industry where we do payment cards and financial cards issuance as well.
So with that, I'll jump into, you know, some of the things that we're seeing in the news of late, you know, this is a headline that happened recently, right? 200 million Twitter users email addresses leaked online. You know, why is that of significance, right? That is, you know, when you have an email address, when you have a profile that is a starting point for many, many social engineering attacks that can then lead into other types of authentication, tax and account and ultimately to an account takeover. In addition, we're also seeing passwords, like Alejandro mentioned, passwords are still in use, they're still being reused for a lot of services. In this example, you know, billions of passwords leak from online, from past data breaches are actually stored on the website and distributed and you know, used pay attackers in their attacks in recent attacks as well. And that can lead to, you know, many different types of attacks from social engineering credential stuffing, you know, where you know a user's email password has been compromised from one service.
The attacker then uses that same culmination across different, different services and applications, especially as password fatigue and password reuse is a big common factor for users. Root force, password strain or other set of password based attacks. Companies have started adding mfa, but attackers are getting smarter, right? MFA is not the same. It really depends on the type of authenticator you're using. So I'll go into one of these examples here from a MFA fatigue or from bombing type attack and sort of walk through a live sort of example in terms of how that attack took place and how you could have prevented it from an identity and authentication perspective.
So this was a attack that happened a few months ago. It was, it was a large company, I won't go into details, but the attacker basically had the details of an employee and they triggered the multifactor authentication from a push authentication perspective using password as a first factor. They spammed the employee multiple times over an hour, contacted the employee through WhatsApp, convinced them to accept one of those notifications if they wanted that, those notifications to stop, which he did and that's when the attacker got it. So let's take a closer look at this particular attack and sort of how it unfolded. So if you look at the cyber kill chain, for example, the attacker first used social engineering to gain access to the employee's contacts, credentials, the initial password that was used, email, phone number, and other details. Now, the attacker that actually did the social engineering attack was not the attacker that actually gained access to the system.
So these details were then sold in the dark web to the attacker who actually then used this in the actual attack. So if you look at, you know, from a weaponizing perspective, this attacker used that initial information to log into the employee's account, triggering MFA notifications. The employee was in spam with a number of push notifications and was then contacted via WhatsApp where the attacker posed as the IT team and convinced the employee to accept one of these to make these notifications stop. Once the employee accepted this, the attacker gained access to the network as well as the V P N. What they did then was to start moving laterally within the network. They scan the network following the PowerShell script on a shared device that contained credentials for an admin user, for a PAM solution provides access management and these credentials then gave the attacker further access to critical data on the network.
Once they did that, they gained access to other data and then proceeded to exfiltrate confidential data out of the network into, into their their own systems. So from a defense perspective, how does passwordless and MFA play here? So from a, from a recon perspective, obviously eliminating passwords altogether. So not using passwords in the background, not using phosphorus first factor adds a solid defense. Another one to note is to adding sort of notifications when your contact information has changed. A lot of times attackers will go in change contact details. So when they trigger M F A, they get the M F A notification and not the actual user. So being notified both from an IT perspective as well as from an end user perspective when any contact details are being changed, is also pretty crucial from a delivery perspective. Using high assurance passwordless capabilities also adds a layer defense.
So when we talk about high assurance, a lot of times it means gaining physical proximity to the application device where the user is logging in from. So for example, Alejandro mentioned the Fido Alliance and Fido Keys for example, that user's Bluetooth to ensure that the user is in close physical proximity to the application or device that they're trying to log into. As well as sort of, you know, first time login from a new location device that sends a notification to the user and then adding on layers, right? So cybersecurity is viewed from a layered perspective. So you, you strengthen the, the front lines with a strong high assurance multifactor authentication capabilities. But then you also need to add on a risk based step up layer to look at sort of contextual information, right? Did this, you know, authentication request come from a brand new device that the employee never used before?
Did it come from a location where the employees never logged in from before? If so, then challenge the user with a separate M f A authenticator, right? Or if all these factors show enough sort of indicators that the accounts being compromised, deny access completely, right? So adding that risk based step up authentication helps solidify the defenses further. And then from an installation perspective, right? So once the attacker gains access, so when we talk about, when we look at, you know, from a zero trust perspective, for example, one of the key principles of zero trust is a Zoom breach. So when you do that, you start looking at how do you minimize sort of the blast radius when an attacker breaches your systems. So not only adding MFA and risk based, atta adaptive step-up authentication, but also securing your high value assets. So a lot of times, you know, when we look at things like Windows servers, for example, within a organization's network adding MFA to on-premises Windows servers, for example, securing your PAM solution with strong assurance mfa, all these add multiple layers from a defense perspective. And then finally adding all this together as well as, you know, having sort of that continuous authentication with from a, from a risk-based perspective provides a more robust defense against an attack similar to, to this one. Now we go into some of these details in terms of different authenticators in the next few slides here.
So, you know, some of the common m FFA authenticators that you know, users typically use on a day-to-day basis. You know, we, we all use SMS one-time passcodes voice, one-time passcodes email, one-time passcodes mobile push notification for example, even, you know, time-based one-time passcodes from a soft token perspective, all these authenticators are still vulnerable to various types of attacks. So if you see here, you know, your SMS voice, email OTPs are vulnerable to phish or adversary in the middle of that attacks. You know, your mobile push notification is vulnerable to the prompt bombing attack that we just talked about as well as the adversary in the middle. So how can we look, how can we sort of protect against some of these attacks here? So if you look at the spectrum of mfa, having more factors helps make your authentication process more secure. But from a high assurance perspective, you will look at the, the authenticators here on the high end of the spectrum.
You'll see that all of these have a proximity, physical proximity factor that's part of the authentication process. So if you look at P two keys, again, the U S P key that has the 5 0 2 credentials needs to be in proximity to the device the users logging into. I'll talk about the pta mobile smart credential with Bluetooth proximity that entrust offers, again requires physical proximity using Bluetooth. The latest vital credential PAs, again uses Bluetooth. I show a short demo here in terms of how that works, making it more high assurance to ensure that, you know, we can protect against the remote pace attacks like the one we walked through previously from a mobile push notification perspective. Another enhancement that, you know, we're seeing being added interests also offers us is mutual authentication where you have a randomly generated number show up in the application that you're logging into and you need to verify that particular number. Again, it's not fully bulletproof because it is still yeah, vulnerable to adversary in the middle, but it is resistant to phishing and mfa.
So one of the MFA authenticators that I briefly touched upon in the, in the previous slide grid cards, this is a lowcost, multifactor authenticator that entrust offers. It's seen mainly in frontline and field employees where they're not able to carry a mobile device, for example. So it's just a grid card that can be email printed out on a piece of paper and can be challenged from an of P perspective. We're seeing this in use cases where, for example, in a call center where an employee's not allowed to take their mobile phone into the clean room because they're handling sensitive PII data cards is a easy low cost alternative to offer multifactor authentication by sharing a challenge. It can be revoked when needed, it can be regenerated. It's unique to every employee and easily distributable. So this is something entrust offers as well.
PKI based mobile smart credential, again, we're seeing a lot of adoption with this particular authenticator. It basically uses digital credentials using certificate based authentication, installing digital identities, using credentials on a mobile device, converting the user's mobile device into a trusted device that can then use biometrics to authenticate the user. And then over Bluetooth logs, logs in the user to a device and then adding in single sign on gives them sort of a true passwordless experience by logging them into multiple applications from that initial biometric check. One of the benefits here is email signing encryption, something that we're offering from a use case perspective and pki, I again uses public key infrastructure cryptographic mechanisms to ensure sort of strong authentication mechanisms. Pasky, again, this is the latest offering from Fido supported across multiple platforms from Windows iOS, Android, where the user initiates login and the application issues, a security challenge to the user's smartphone through Bluetooth. There is a private key that's generated on the user's device that's then used to sign and send back a security challenge. And the application then verifies that challenge by using the public key that's stored on the application server. Now this is great because there is no reuse. Every application has a unique pair of public key private key, private key only store stays on the user's device. It does not stay on the application server, so it cannot be compromised as easily as passwords. And it uses the physical proximity based factor to log in a user.
So we'll show a shut demo here. This is using our identity as a service platform. So you'll see here, you know, we click on PAs keys, there's no user id, there's no password, and we're logging in from a different device. It'll ask you to enable Bluetooth because that's how it communicates to your smartphone. And on the right you'll see here, scan the QR code, authenticate yourself using facial biometrics in this case. And once you're authenticated from a facial biometrics perspective, you're automatically logged in through that Bluetooth connection to the device. So again, very simple, it's taking off a lot of friction in the authentication process, but it's also adding in security from, from a proximity based multifactor authentication perspective.
Now lastly, you know, we talked a little bit about adaptive risk-based step up authentication, looking at different sort of factors, right? Like time of day, day of week, geolocation velocity, for example, right? Like if I logged into an application from New York at 10:00 AM Eastern and then five minutes later my account tries to log in from London, uk, we know that that type of travel velocity from a user perspective is not really possible. So then, you know, the risk score grows up and then you can add and configure based on your use case. You can configure different weights and you can configure whether you wanna challenge the user with a different type of authentication or block the user's access output. Now this is really important because it helps you achieve a balance between friction and security. If a user is logging in from the exact same phone, exact same IP address, exact same time, if they, you know, the, the risk score is very minimal, you can get them logged in with, you know, the first MFA authentication mechanism that they use. But if you see that the risk score is higher than a set threshold, you can challenge them and add friction, you know, by challenging them with a second MFA factor authentication au authentication mechanism. So it's, it's fairly, it's very com configurable and sort of adds a layer of sort of trust and security to the authentication process. Another sort of fun fact from an entrust perspective is we're opening up a risk engine to to, to input various sort of risk inputs from different, different solutions to sort of further, further enhance the risk engine here.
And finally, I'd like to set up end with set up our, our platform here from an entrust identity and access management perspective. We support all three use cases from workforce, consumer and citizen. You know, we have high assurance credential based passwordless authentication, we provide identity proofing, adapter, risk-based authentication. We helpful for several of the regulatory obligations like a yc, PST two tdr and so on, make it easy from a single sign-on perspective. We also have a flexible set of deployment option. So we, we have our cloud-based identity as a service, but we also offer on-premise as well as hybrid modes of deployment. And our mobile SDKs are easy to use to, to enable you to, to, to offer authentication services using our our platform into, into your own applications. And lastly, we have a comprehensive set of integrations. We, we, we have multiple partners and we play well into the broader ecosystem of applications that many users encounter on a day-to-day basis. So with that, I'll, I'll end the presentation there and I'll turn to Alejandro to see if you have any questions.
Thank you Rohan, for sharing your view on entrust approach to Passwordless. There are very, there are some innovative features that you mentioned that were shown in the report that we conducted last year. I don't know if I mentioned this, but other than you guys being an overall leader, you were also in the innovation and market leadership categories. So entrust also provides, like you mentioned, support for different deployment models that can help organizations that still rely on, on legacy systems. So thank you once again for sharing this information with us. And now I think maybe we can jump into the q and A session. The first question here that we see is asking
What should be considered when choosing passport education solution. So if I can take this one, Rohan, deciding on the right deployment model is an important and is and crucial factor. The capacity to support hybrid de deployment models, as Rohan mentioned, across on premises and the cloud is fundamental for any organization. Of course, costs are also important to consider as well, the vendors licensing and pricing policies should be carefully analyzed to make sure that they align with your current and future requirements. And last but not least, I'd say that interoperability is also important. The ability of the product to work with other vendors, products, standards, or technologies should be seriously considered. Let's see, the next question says, what is the importance of Passwordless and MFA in the context of zero trusts? Maybe you can take that one Ron.
Sure, yeah, that's a great question, right, so we, we hear a lot about zero trust. Now if you look at the, the three main tenants of zero trusts is verify explicitly of release privilege access and a zoom breach, right? So if you look at the first two, right, verify explicitly to do that, you need to be able to verify that a authentication request is from the user who, and they say and, and they are who they say they are, right? For example. So ensuring that, you know, account takeover attacks are prevented, ensuring that, you know, adding high assurance passwordless, MFA based authentication strengthens that initial policy from a zero trust perspective and ensures that, you know, only authorized users are logging in, authenticating themselves and accessing services. If you look at the third tenant from Zoom breach, again, adding those m FFA and high assurance perspectives like let's say to like Windows servers on premises or to your patent systems, again, further limits out of those lateral movements within your network when an attacker breaches your systems.
Okay, then the next question is asking how can organizations migrate from a legacy to a passwordless solution? If I can take that one. I I say that a common issue with legacy systems is their inability to remain agile and to adapt to new business requirements and challenges. So in order to transition to a more modern authentication method, a modern architecture is essential. One that is based on microservices because organizations require high flexibility and also the importance of API support is crucial in this aspect as well. And there are many other things. I'm not sure if you would like to add something on that.
No, that's, that's great. Great question. Great answer. Yeah, so sort of making sure again from a, from a, from a deployment perspective, from a, you know, adoption perspective, making it easy using APIs, using STKs to allow organizations to adopt these higher assurances, to adopt these MFA authentication mechanisms within their applications. And also making it easy for users to register and sort of, you know, onboard from a, from an onboarding perspective also helps with sort of that, that migration perspective.
Absolutely. And I think the next question is for you, those interest identity as the service support offline authentication?
Yes, we do. Short answer, yes. So, you know, one of the, one of the use cases that we we're seeing more recently, again, I kind of mentioned this from a Windows server perspective, we see a lot of times when you know authentic, when users want authenticated into Windows servers that's within their, you know, own private data centers for example, you know, we do support offline authentication when they're not connected to the internet. Cause you know, some of them might be air gap for example. In those cases we, we do support offline authentication.
Okay, next question is asking, since you guys know a lot about the passwordless market, in your opinion, when will the passwordless finally die? I think that's the ultimate question. Like we said at the beginning, unfortunately passwords are still widely common and they will not quickly disappear. So I'd say that passwords will be here for at least a decade, perhaps maybe less. Hopefully it will be necessary to convince all school mentalities to switch to let's say a password authentication because it's hard for people to stop using something they are used to. And that's for both workforce and consumer use cases. So perhaps with the adoption of passwordless authentication solutions, we're slowly gonna be eliminating passwords, but I think somewhere there will be a password around not sure what you think.
Yeah, no, great, great, great point. Again, you know, we, we've been hearing about for a number of years now, right? And, and we're still nowhere close to sort of getting rid of them. But I will say this, that, you know, with the, with the advent of Pakis for example, where multiple sort of big platform vendors like Microsoft, apple, Google with their iOS, Android, and Windows are supporting this natively, for example, right within their platform. And then, you know, converting the user's phone as the bio authenticator makes it more seamless and more easy. So we'll see a more, more rapid uptick in adoption from Passwordless with the growth and adoption of paske for example. But again, like you mentioned, it will take a few years because now applications need to go and enable this within their, within their own applications, right? Like to, to offer this capability.
So you know, that will take a number of years. So I would say within the decade we should definitely see the elimination of passwordless, sorry, within elimination of passwords and the adoption of passwordless. Another one is set up, you know, you have the slide up here, so I'm gonna mention it. Decentralized identity, sort of, you know, another aspect where you know, greater privacy based on public key infrastructure cryptography for example. If you look at like a number of the solutions that we talked about from a high assurance perspective, you know, most if not all use some sort of cryptographic, use some sort of PKI based technology over Bluetooth for example. So we'll, we'll see more and more adoption of this next few years.
The next and final question is somewhat related to what you just said. What are the main challenges that pakis are facing?
Yeah, sure. Yeah, I mean that's not a great question, right? So I kinda al already mentioned one of those challenges right now organizations need to go and, you know, reconfigure their applications to offer the pasky mechanism from registration to authentication for example, right? Like how the users onboard and register a pasky without a password in the first case. Secondly, we'll see greater adoption the consumer side mainly because, you know, one of the things with pasky is it is the, the private key that's stored on the user's mobile device for example is also sync to the user's. For example, from an Apple perspective, it's sync to their iCloud account. So from a workforce perspective, this might go against a lot of you know, policies, right? Where companies don't want, you know, their employee credentials to be synced on a third party cloud device, cloud account. So that might be be another sort of policy-based challenge that we'll face somewhat option on the workforce side, but I think we'll see greater adoption on the consumer side with PAs.
Well thank you for sharing your thoughts. Now just to conclude the webinar here we have next month we're gonna have the European Identity and Cloud Conference. It will take place from May 9th to May 12th in Berlin and it will be a hybrid event in Berlin and online as well. So we're gonna have various topics and including Passwordless. So I hope to see you all there. And here you can also find more related research by co a call on the topic of pais authentication. We are also planning to do an update on the leadership compass on authentication by the end of this year. And I believe that it will be a very exciting and competitive leadership compass and some of our services. We have these events, the one coming up in May. We also offer advisory projects and research. So that's all for us for now. And thank you Rohan for joining me today. I really enjoyed your thoughts on Passwordless and sharing your view on how Entrust does Passwordless. Any final thoughts?
No thanks. Thanks for having me. Appreciate it. And you know, you kind of mentioned the E IIC conference, Andrus is gonna be there. Stop by the booth, come see our presentations and yeah, happy to be here. Thank you.
Alright, thank you. Bye.