Avatier launches offline card after Stryker cyberattack
Avatier has launched the Identity Challenge Card, a physical multi-factor authentication product designed to work when identity systems are offline. The launch follows the cyberattack on Stryker, which Avatier cited as an example of the risks facing corporate login and recovery systems.
The product is a pre-issued printed card for employees that supports authentication through a challenge-response process without a smartphone, app, or internet connection.
The launch comes as companies face growing concern over attacks targeting identity infrastructure, not just data or endpoints. Public reporting on the Stryker incident indicated that attackers accessed administrative credentials and used enterprise device management tools to wipe devices, leaving staff unable to access systems and disrupting internal operations.
That scenario has highlighted a weakness in many standard multi-factor authentication systems. In many organisations, MFA depends on a user device, a connected identity provider, and a live network, meaning a coordinated attack can disable all three at once.
Avatier is positioning the card as a fallback for those circumstances. It says the card can be issued across a workforce in a day and used by service desks to verify callers and restore access when normal authentication tools are unavailable.
Offline method
According to Avatier, each card is issued in advance to an employee and contains one-time challenge values. Used values are permanently invalidated, a design intended to prevent replay attacks while preserving unused values for later authentication.
The product is air-gapped, operating offline rather than through a networked identity platform. Avatier argues that this reduces the risk of the authentication method itself being disabled remotely during a wider breach.
Avatier also used the launch to highlight the financial impact of identity-related cyberattacks. Its free Attack Cost Calculator is intended to help executives estimate potential losses based on workforce size, average compensation, daily revenue, and likely downtime.
The company estimates that the impact for many mid-sized and large companies can range from USD $10 million to USD $100 million or more within days if an attack disrupts access to systems and halts operations.
Business impact
The broader issue for companies is operational continuity. When identity providers are unavailable, employees may be unable to log in, help desks may be unable to verify users, and IT teams may struggle to restore access at scale.
That creates a business risk beyond data loss or compliance exposure. Identity systems increasingly sit at the centre of day-to-day operations, so an outage can affect payroll, communications, customer service, and internal administration, as well as core technology teams.
"Cybersecurity is no longer just an IT issue, but a business continuity issue. When identity systems are compromised, companies don't just risk data exposure; they lose the ability to operate. The industry has spent years adding layers to MFA, but those layers depend on devices, networks, and identity providers that attackers can take down at the same time. We took a different approach by removing those dependencies entirely. With the Identity Challenge Card, organizations can maintain trust, access, and productivity even in the middle of an attack. Our goal is to help companies recover quickly and keep business operations running," said Nelson Cicchitto, Chief Executive Officer of Avatier.
Founded in 1997, Avatier sells identity and access management software to organisations across sectors including healthcare, financial services, manufacturing, energy, government, and education. The new card is aimed at enterprises seeking a recovery option when ordinary authentication systems fail.