How technology is looking to replace passwords [Q&A] – Fior Reports

We have long been told that passwords are on the way. In fact, none other than Bill Gates predicted the death of the password at the 2004 RSA conference, yet we still rely on them to manage much of our daily access.

But things are starting to change. Patrick McBride, CMO at Beyond Identity, believes the technology to eliminate passwords and replace them with something more secure is on the rise. We spoke to him to find out more.

BN: Can you completely replace passwords with something fundamentally secure?

PM: The password problem is known. This is inconvenient for end users, but more importantly, it is a very risky method of authenticating the end user. Early attempts to address this involved longer and stronger passwords when people used cracking techniques to figure out which passwords came from a database that was helpful. But many of the ways passwords are stolen, either malware running on the laptop or phishing sites have nothing to do with it. Hackers use these techniques to compromise thousands upon thousands of accounts. If you look at Have I Been Pwned, there are 11 billion credentials so this is clearly a big problem.

Next came multi-factor authentication, but thats cumbersome, I have to select my phone and get this code. Also, its not hackproof, they use phishing techniques and steal the second code. Its a level of protection, but not a lot, so we set out to have staff members eliminate the password entirely.

BN: Which techniques are required for this?

PM: We are now using SSL to authenticate the website we are going to visit so we know it is authentic and then we just set up a secure connection. It uses what is called symmetric cryptography that we are doing trillions of dollars in business every day and not having a lot of problems with it. So we replaced the employee passwords with the same technique of the underlying cryptographic public key / private key.

We have a small authenticator that runs on the desktop so no password is required after logging in with biometrics or PIN. And the PIN code never leaves the system, it is stored in a hardware chip in the computer, which makes it difficult to crack. All modern PCs and mobile devices have something called a TPM its required for Windows 11 systems its a place where you can securely store a private key in hardware. This gives you a very smooth login experience that is also very secure. We then create an SDK that developers can use to incorporate hardcore technology into their application so that we can provide very secure multi-factor login for any app, whether youre logging into a bank website or ordering a pizza.

BN: So there is no additional software or agent required on the endpoint?

PM: Exactly, its self-contained within the company or in any app you download. When I use my banking app or my delivery application, the technology in it is self-contained. That is why we have integrated our secure and smooth functions into your app. The end user doesnt have to do multiple things, they just log into their device and then open their app and its super seamless and very secure.

BN: Weve heard for several years that passwords are on the way. How far do you think we are from a tipping point where everyone will be passwordless?

PM: Its starting now, its gotten easier for companies to do this for their employees so it gets a lot of attraction and removes passwords from the employees experience. The next step is really the consumer apps and this is where things get a little tricky. There are a lot of passwordless things that hide the password but dont actually remove it. If I send you a magic link or even a one-time code to sign up via text message, the hackers have plenty of options to steal that snatch that code. It doesnt matter how complex or unique your password is because if malware steals it, you are still compromised. We removed some of the hassle, password managers do a bit of it, but they dont eliminate the password security problem.

We have reached a tipping point where companies, especially on the consumer side, will start to incorporate technology as they develop new apps. It does so across a range of industries, from banking or financial services companies to everyday e-commerce applications. To get to a position where no one can remember passwords, I would say it will take another three to five years.

BN: All of that is still based on cryptography. How great is the threat from quantum computing?

PM: The cryptographic algorithms that underlie our technology are the same ones that underlie TLS and SSL, it is public key cryptography that is based on a certain set of things. I think were still a long way from breaking this stuff.

Of course you cant perfectly secure the future, the bad guys see quantum computing as a way to defeat the good guys, and the good guys are looking for ways to develop much stronger quantum-based algorithms, but the responsibility, frankly, rests on the industry.

The bigger question is whether youve built your technology so that you can replace it with something more quantum-secure in the underlying algorithms when that eventually happens. I think its a bit of an arms race now. Its going to be a problem, and so it is up to the companies developing technology to make sure we are using cryptographic techniques and that they are future proof. Its still on the horizon and a problem for every single company.

Photo credit: Siphotography / depositphotos.com

See the original post:
How technology is looking to replace passwords [Q&A] - Fior Reports

Related Posts
This entry was posted in $1$s. Bookmark the permalink.