The importance of securing our data and identities becomes a top priority as our digital lives expand.
The alarming number of recent data breaches has encouraged the ordinary consumer to be more cautious about guarding their online information. In the quest for safe access, the key often comes down to the password safeguarding it. However, one flaw of the password is that they are created and used by people, and thus, are susceptible to hacking.
Using a different password comprised of a randomized mixture of characters for each service we access may become difficult to manage. In turn, forgetting passwords comes with the risk of data loss so startups such as LastPass enables centralized password management in a secure and easy manner.
Data Breaches Becoming More Common
MyFitnessPal, an app owned by Under Armour, tracks and continuously updates user fitness and nutrition data and stores it on a database. Recently, however, Under Armour acknowledged a data breach in which 150 million accounts were hacked. Usernames, passwords, and email addresses were compromised.
In incidents such as this, the worry of quickly updating accounts can be stressful. So password manager apps like LastPass or Dashlane can be useful for providing user alerts when a website security is compromised.
Still, such services are not a fix for the general failing of passwords as even password storing apps get hacked as seen in 2015 with LastPass.
Biometrics To The Rescue?
Biometric authentication seemed a likely contender to replace the ubiquitous password. Fingerprint recognition has been available on smartphones for several years but has its downsides. For instance, sensors can be copied and in some circumstances, fingerprint recognition doesn’t function properly, such as when the sensor gets wet or if there is debris on the user’s finger.
There is also the uncommon possibility that a thief could force someone to place a finger on the sensor and gain access to bank accounts, credit cards, and other valuable data.
Facial recognition reports similar difficulties but is not yet widely available. Currently, only Apple’s implementation on the iPhone X has an accuracy threshold to consistently distinguish between human features but has lately reported issues.
SSL/TLS On Blockchain To Overthrow Passwords?
At the heart of the web experience is the Secure Sockets Layer (SSL) that secures our browsing activity when the padlock icon and HTTPS appear at the beginning of a web address in the browser. SSL ensures the data moving between a user and a server is encrypted so that the information transmitted is unintelligible and impossible for a hacker to read even if it is intercepted.
Transport Layer Security or TLS is an updated version of SSL used alongside a CDN to bolster security. If these certificates are stored on a blockchain, they could be used to maintain device-level security and remove the need for passwords. There would no longer be a single point of failure where cybercriminals can target a server in a centralized architecture.
Furthermore, a certificate could generate per device and if a protocol were in place for a distributed public essential infrastructure, passwords to be a thing of the past.
Blockchain Projects May Be a Solution
Decentralized applications can build on a blockchain infrastructure to provide certificate management features for consumers and companies.
Digital keychains holding individual keys for separate devices stored on a blockchain can make the generation of fake certificates extremely difficult. As the blockchain matures, hackers will find it increasingly hard to create fake certificates.
One promising project called REMME, has been working to make this a reality by utilizing Blockchain and SSL/TSL to make passwords a thing of the past and to protect data in a broader, more encompassing framework.
REMME recently closed a funding round of $20 million and is currently working on project development.
Self-sovereign identity systems, in which the individual has full control, are being worked on by a host of blockchain projects and rely on the public-key cryptography principle.
uPort, for instance, is using the Ethereum blockchain to build a system in which access to credentials can be managed on a smartphone interacting with a blockchain.
Blockchain’s decentralized nature can provide answers to many key issues facing security on the web today. With the development of blockchain tech, we will see the foundations of many systems disrupted and replaced, bringing forward a safer and freer online user experience.