Using Your Mind to Authenticate | Alex Natividad MD from NimbusID

We can probably all agree on two things about the digital age: security is essential, and passwords are terrible. We all have hundreds of accounts on various services requiring authentication—using the same password for all of them would make you highly vulnerable but remembering separate passwords for each is impossible.

Password managers are helpful, but passwords can still be cracked, stolen, or simply guessed. Alex Natividad MD has an intriguing solution offered by his company, NimbusID. They call the product CognitiveID and it uses our natural memory associations to ensure we’re the people we claim to be.

Think of it as a True Human Centric IDentity Test to prove it is you behind any device used for access authentication and transaction.

More information:

Alex Natividad, MD, the patent inventor of CognitiveID and NimbusID CEO, spent 30 years studying and applying neuroanatomy, cognition, and memory. These scientific and medical pursuits led him to discover the unique attributes of natural memories (when aggregated and disaggregated) to be used as the IDENTITY TEST of a human attempting access or making transaction across the web of a finger.

This revolutionary technology simplifies a digital user’s life by eliminating (1) The hassles of creating and remembering passwords and (2) Eliminating identity and data theft due to traditional phishing and brute-force hacking attacks. When used with a smart phone, a CognitiveID is expressed with just 3 quick taps

NimbusID is a software development implementing CognitiveID. Our downstream developers integrate the CognitiveID code with helpful components as: 

  • A public API, SAML compliant and support for secure email. It is scalable and can work with SMS providers (e.g., Twilio). 
  • An extensible, standardized secure API for integration with systems. 
  • Support for authentication to SaaS, OnPrem, SASE, full Integration, or bolt-on deployments through Single Sign-on. 
  • An admin dashboard to manage and customize for white-label integrations 

CognitiveID enables industry stakeholders to know when it is not their user attempting to do damage, and when it is their user to authorize access to any system. Cognitive ID makes life simpler for each stakeholder as it increases the perfection of proper identity and enables reliable role-based authorizations.

Once CognitiveID becomes the “standard” credential for authenticating identity, industry stakeholders have more time to attend to other software services (viz. SASE) that secure their systems and data.

DISCLAIMER: Below is an AI generated transcript. There could be a few typos but it should be at least 90% accurate. Watch video or listen to the podcast for the full experience!

Alex Natividad 0:00
In fact, it’s hard to forget something you know what the password is, you can’t remember something you don’t know. That’s why it’s fundamentally wrong, right. But the other thing is, since we have tons of unforgettable memories and associations, then you can have unlimited password replacements.

Alexander Ferguson 0:24
Welcome to UpTech Report. This is our applied tech series UpTech Report is sponsored by TeraLeap. Learn how to leverage the power of video at Today I’m joined by my guest, Dr. Alex Natividad, who’s based in Amarillo, Texas. He’s the CEO at NimbusID welcome, Alex. Good to have you on.

Alex Natividad 0:43
Hi, Alex. Thanks for having me here.

Alexander Ferguson 0:45
Good name, good name. So now NimbusID is all around a software system for the creation of indication of your identity without using a password. And we’re so used to passwords all the time. We hate managing and tracking passwords. So this is such an interesting topic. But you’re a physician, you’re an active psychiatrists position, and you’re taking neuroscience to the cybersecurity space. Help me understand Alex, take me back, like where did you start to under discover and look at this problem and try to attack it from a different perspective?

Alex Natividad 1:19
Okay, actually no, in in this journey. There’s always a reason for finding a solution. I used back, I was hacked, and I got locked out. And it was very difficult to come back and hadn’t started many times. So I said, You know what, enough of this, I got to find a solution. Now, I’m not a tech guy, I don’t know, tech, actually. But I did a research. And so I looked for authentication, identity access, credential two factor, you know what, I got confused. But one thing I realize, in my search is, we are led to believe when you access your account, only you can access your account. But in reality, it does allow you to access your account and someone else. Well, that’s not good. So I figured password is a very difficult concept to remember. So I figured there’s got to be a problem. Now, if you look at the technology, password is merely a credential that you possess. It’s it’s something that you assert as if it’s you, but it’s actually not you. It’s a

Alexander Ferguson 2:36
string of ID numbers or letters. Like

Alex Natividad 2:38
it’s just something of something right? It doesn’t even represent it’s you. So you know, in my, in my search, what I realized is the problem fundamentally is the server controls the proof of its you. Well, the problem with that is if a server controls the concept of proving it’s you, they just hack the server or the device game. All right. Secondly, the user is required to enter something that when it matches, whatever is stored in the server, access is provided. It doesn’t matter who you are, as long as matches, access is provided. It’s a validation. So the question is, I thought I’m proving myself, but it’s not. So when I began this journey, the first thing that came to my mind is if I have to prove myself to the device, what is what should it be? The only thing that I know was unique between the two of us and anyone else, is what’s inside my head. As a neuroscience guy, how I think it’s the way I think, I don’t think you can tell me how I said, I cannot tell how you think

Alexander Ferguson 3:58
you say visually, the way our brains work, almost like our thumbprint. Each of us are unique in a way that can’t be identified.

Alex Natividad 4:04
Exactly. The thumbprint and DNA is unique in the physical space. No problem with that across the web is opaque. You can find a way that still unique and applicable to you that cannot be impersonated. So my thinking is unique. So I’ll give you an example. When we were born, our brain or to our mind allows us to experience mom and dad, that toys and the house and everything else, right? You begin to develop this memories. We call that experiences and associations, right? So the things that I see comes from the back of our head called occipital lobe. So this is a rectangular objects I see rectangular. But guess what, this is an iPhone. My wife gave me as a gift in our anniversary gift September 5. That guy here the proud makes that story that it associates the story behind a rectangular object. All together, what we see what we associate, the guy who has the font on, it makes the final interpretation of the things we know about externally. Now the question is, we have all these unique, contextual associations that we know, can I teach a system to get those unique associations projected to me during authentication, so that I can be the only one to connect the dots. And

Alexander Ferguson 5:41
so you’re basically creating a system to pull out these unique connections that are already in our brain, show it to us, and then only we would recognize, oh, this, and this and this resonate with me, because I, it’s, it’s somewhere in my brain. And so that’s the

Alex Natividad 5:56
path, it’s something that you already know. In fact, it’s hard to forget something you know, what the password is, you can’t remember something you don’t know. That’s why it’s fundamentally wrong, right. But the other thing is, since we have tons of unforgettable memories and associations, then you can have unlimited password replacements, right? So every time you come in, you get shown different objects and associations, connect the dots next time is different, every time is different. So the question of phishing is gone.

Alexander Ferguson 6:31
So there’s, there’s a similarity, when you first describe this, to me that popped in my head was when you’re with government, or certain things, it’ll show you, did you own a vehicle in x? Or did you used to live here? Or is your mother’s name X or Y? It sounds like that’s also like only you would know, but the data is public. So what you’re trying to say is, instead of just public data that it’s pulling from, it’s actually just data or memories, or thoughts that are from your brain.

Alex Natividad 6:59
That is Greg onyx, except that is what you call uni dimensional memory. It’s yes or no answer. Our system is multi direct, multi dimensional. So it is a series of contextual associations that he got to know everything. So this one is a Hey, did you live in that state before? Yeah, it’s easier to answer that it’s easier to to fish that data. Ours, you can’t. It’s something that you have in your own decades of long ago memory. That is because that becomes intuitive to you once you know it. So I’ll give you an example. If I may. So let’s just say hypothetically, let’s create a story. Okay. Julie, calm S is my girlfriend from high school in 1975. in Dallas, she gave me a pen upon graduation, and she became a golfer in college. Now, some people might know that, but the whole story, it’s hard to know. So the question is, we have a system that takes all this collected information, we hash it, then we disaggregate that. And then when you come in to authenticate, we just bombard you with objects and noise and summer to our summer falls, it’s up to you to connect the dots, we just split them three times, and you’re done. How easy is it, so

Alexander Ferguson 8:30
part of it is extracting the data out of your brain? I’d like to think of that in a moment. Then the other piece, of course, is when you’re looking at it. How quick, is it? And will you ever forget these memories? Like will I’m just like pondering in my own brain of like, will? Will you easily make that connection? Or how much brainpower does it take to look through and scan for

Alex Natividad 8:57
actually, the best part is all these memories that we have that happened many years ago, are actually durable and enduring. They don’t go away. In fact, there are so strong that if you compared to my memory last week, because this just happened, Simple Events, they don’t mean anything to me, but things that are so meaningful, they just can’t forget that things that you did in grade school with your friends, you know, all these favorite places. It’s, it’s, it’s, it’s they’re big. In fact, if you see a classmate of 50 years ago, for instance, that you haven’t seen many years, you immediately recognize that person and the things you guys did together. I mean, it’s it’s hard to forget that whereas in this passport, you can remember,

Alexander Ferguson 9:46
how do you what’s the process of extracting these memories.

Alex Natividad 9:51
So the first part is when you create an account as a user, you simply go back to your memories in the past. You you enroll three stories, and it’s up to us to pick them apart and pull them together and show it to you on authentication takes about probably two minutes to create an account, and you’re done. You don’t have to memorize anything, you don’t have to reset.

Alexander Ferguson 10:18
It’s all there, you’re giving three stories, and then it picks it apart, and then just is able to show you a tiny piece of it, that you would immediately recognize as Oh, that’s that story. And everything else is

Alex Natividad 10:32
it? Yeah. So in the example of the Julie Gomez story, we will show you four objects from top names, I do recognize as one of them. And the three names are just fake North objects. And below that are 14 associations about Julie commerce. So on the 14 associations, say golfer is one of them, right? And then the rest 13 associates are fake. They just be a golfer. next shot, get another Dallas high school next shot 1975

Alexander Ferguson 11:06
Okay, so interesting, it starts with the person that is actually helpful that the first thing about a person and then what are your associations connected to that person that does come? It does come pretty naturally. Now, if I if I may come from another perspective here. A lot of people are or the adoption of the technology itself is is in the bio. psychometric face recognition be a biometric. Why Why are you not a fan of biometric?

Alex Natividad 11:33
Well, biometrics such as your face ID, or touch voiceprint or Iris. The problem with that is they’re static. If they’re spoof copied, how do you reset? Can? Because it’s fixed. Right? So number one, number two, you require a device to make that point. So a device is a mere possession of a person using the device to authenticate? Well, to me, we need a proof of test or identity test of the human behind the device that’s being used to authenticate. So it’s one step better. In fact, I can prove it’s you with any device, as long as you’re coming in.

Alexander Ferguson 12:23
As long as you bring your brain.

Alex Natividad 12:26
You are you’re not integrated, but you can still think and write

Alexander Ferguson 12:30
right? Now the the the use cases for this, you you’re going after effectively enterprise solutions, we’re where they’re you they want to apply this to across their board, like, what’s kind of the next step for him? Is it what are you looking for?

Alex Natividad 12:46
So in the short term, what we’re trying to do is to improve the user experience and adoption rate of two factor right now two factor is a factor the level of highest security, but adoption rate is low. We think that if we add this as the preferred two factor authentication, then because it’s just merely click, you cannot make a mistake, you don’t copy our code, then I think adoption rate might improve. And so that is our initial deck and the long term is we could be a technology to be licensed by other authentication technology companies.

Alexander Ferguson 13:30
So it’s realizing that there is already a wave of two step authentication, it truly is a great way. But most people don’t want to do it. Because what if I forget my phone or I don’t have that that secondary device or memory? And that’s where your your current application is, this is a secondary, but eventually, that it could stand alone without even needing a password that someone could use this technology

Alex Natividad 13:53
will absolutely the concept behind a two factor is because your first first factor is weak and vulnerable. If you use this as as the first factor, there’s still really need to have a second factor. But we cannot claim it that way for now, because we need some adoption. So once people use this, the question is, why would I need another factor?

Alexander Ferguson 14:19
True, true. So for for you, when when you look at the world of cyber security? What do you if you could kind of wave a magic wand and have any kind of solution come into play? How do you see the future like what what are we going to be experiencing and when we’re going in interacting with our technology around us?

Alex Natividad 14:39
Oh, I will go. These are going to be a big statement. The the future I’m sorry, the current technology that is being deployed is the so called password less authentication, meaning I have to rely on whatever device I have My identity problem with that, I’ll give you an example, let’s say your device. Are you familiar with this sim hijack. So instead of spoofing your phone, they go to the telco and pretend it’s you change your Sim. Now it’s owned by a hacker. So whether you like it or not, the future, I think, has to be some form of identity test of a human person breathing, not a bot, that is attempting to access to an account across the web, not just non human. That’s it makes sense. Because all these technologies we have can be bought. Enable, what’s the point? So when I have to send, for instance, a million dollars elsewhere? I just want to be sure it’s me doing that, and nobody else? That’s a big money?

Alexander Ferguson 16:00
Yeah, I, I do I do love the concept of that our brain is can be the password of or the stored memories that are that are in there. But the probably the biggest thing is changing behavior is hard. changing the way we do things. takes time and sometimes external push. But there’s so much in the news right now with with hacking on so many levels, where that solar hack, and there was actually that recent pipe pipeline? Yes, yes. And it’s simply because hackers are getting smarter and being able to hook in, but theoretically, if if they could hack a password, but they can’t get beyond that next piece of authentication, because well, you did mention that that it is hash, but so there is that data ever stored anywhere that they could and hash it and understand what are the three pieces?

Alex Natividad 16:57
Actually, Alex? That’s a good question. The way we collect your data, and we connect it to you, I don’t connect it to Alex, for instance, we don’t capo your data with you, we just covered that we are you you ID a universal unique identifier, we don’t need your email, I don’t need your patient address or, or any more PII. That’s the beauty of that. So even if you happen to know all the data, it doesn’t pertain to you. it pertains to a specific number. So stolen identity is not even applicable.

Alexander Ferguson 17:38
If they’re trying to find a person, that person in the passwords, hashing doesn’t exist, it does not, it’s not labeled as an individual. It’s just when you go to authenticate, when you when you are asked the password and you give it then it finds the correct UID whatever it is, and says

Alex Natividad 17:54
that when when you create your account, and if you actually log in, we know it’s your brain doing that without knowing your bi which have been assuming the wave once. So therefore, your identity is not scattered all over. Because it’s just a piece of number. That makes sense. So we are thinking way ahead, that to prove it’s you. We don’t need anything else other than the way you think, or how you’re watching.

Alexander Ferguson 18:27
Well, when I know right, now you’re focused on to authentication. So someone would first enter their email address into like, Microsoft or or teams. Yeah, and be able to log in, and then they would go to another page. And is that just simply that that push from from email to? I guess, the pop up or whatever that comes? And you just choose your experience? Is that is that the flow?

Alex Natividad 18:49
Yeah. So once you’re able to, based on your service providers requirement, so for instance, you have a username, okay? Once you enter username, it goes to this algorithm. Eventually it comes to us. And then if you’re if this shows on your screen, how to click what to click on those three objects, then you’re done. Next time is different. Awesome. Well,

Alexander Ferguson 19:14
thank you so much as for kind of walking us through both from your journey that you’ve been on of, of coming from cybersecurity and a whole nother perspective from neuroscience, and, and this whole system that you’re building. And again, for those out there. If you’re looking probably in the enterprise space, I think you’re most thinking about healthcare and finance and you’re looking for a whole new password list or rather using your brain to do it as a two step authentication. Then go to And I’ll give you a shout. Was that a good first step? Yes, sir. Awesome. Well, thank you so much, Alex. Appreciate your time.

Alex Natividad 19:54
Thank God. Thanks and have a good Friday.

Alexander Ferguson 19:57
Everyone, we’ll see you on the next episode of UpTech Report. Have you seen a company using AI machine learning or other technology to transform the way we live, work and do business? Go to UpTech and let us know


YouTube | LinkedIn | TwitterPodcast

The Purpose of a Company | Clint Oram from Sugar CRM

Protecting Your Social Media Data | Mark Weinstein from MeWe