Is Blockchain The Future For Passwords?
Usernames and passwords are used for authentication in almost every digital application. Since most security breaches happen because of human weakness, REMME has come up with a way to avoid passwords by using blockchain. In the following article we will go through what REMME is, how it works, and how blockchain can make passwords obsolete.
Though the username and password combination is universally used for data protection, people don’t want to remember long sequences of letters and numbers. A study shows that 10,000 of the most common passwords (such as 123456) can access 98% of all accounts. Sometimes, people even leave their browsers open on public computers or write passwords on paper. Most security breaches happen because of human weakness. That’s why REMME has come up with a way to avoid using a password. REMME has found a way to prevent attacks from ever happening and stop attackers from obtaining private information by using blockchain.
What is Blockchain?
- Blockchain is a technology that uses a distributed database instead of locating, storing, and maintaining data in a single location.
- Because the data is stored in a distributed database, a hardware failure may not cause all the data to be lost. This makes it a very secure way to store sensitive information.
- Once the data is stored in the blockchain, it cannot be altered.
Problems with the current password based system
The most common password attacks succeed because most passwords are simple enough to guess and many systems allow a user to guess passwords multiple times, making password-based systems vulnerable to hacking. Security breaches happen because of human weakness. Let’s look at some of the common attacks.
Phishing
Phishing is an attempt to obtain sensitive information such as usernames, passwords, or credit card details. Most people associate phishing with e-mail messages that direct users to enter personal information on a fake website. According to Ghosh, there were “445,004 attacks in 2012 as compared to 258,461 in 2011 and 187,203 in 2010”, which shows that phishing has been threatening individuals.
Brute Force Attack
A brute force attack is a trial-and-error method for obtaining sensitive information. Hacking attempts using brute force increased 400 percent in 2017, according to a report.
Bucket Brigade
The bucket brigade attack is also known as a man-in-the-middle attack. In this attack, the attacker intercepts and modifies the data being transmitted between two users.
Keylogging
Keyloggers are programs downloaded through an email attachment that run in the background to obtain sensitive information. A keylogger records every keystroke made on the infected system.
Password Breach
Nearly one out of every two cyber attacks are breach of password attacks. The State of Cyber security Report, 2017 by IT services company Wipro said,
Equifax lost the personal data of 143 million US customers because of using “admin” as the username and password.
Password Managers Are Not Secure
Password managers are software that remembers all your website passwords. With a password manager, one can log in by auto-filling passwords with the click of a button. There’s no need to remember multiple passwords! This eliminates the human factor of remembering the passwords. Though password managers have many advantages, a possible problem with them is mistaking authentication for authorization. A researcher found that several web-based password managers had, at one point in time, such flaws. These issues allowed users to share credentials with other users.
The reason behind password cracking is people using very easy passwords. That’s why REMME came up with a way to avoid using passwords, i.e., eliminating the human factor from the authentication process.
REMME is building an open source distributed Public Key Infrastructure (PKI) protocol with a set of DApps, enabling passwordless authentication for humans and devices. Instead of passwords, each device is given a specific SSL certificate. The certificate data is then stored on a blockchain.
How does REMME work?
Passwordless
Instead of a password, the user generates an SSL certificate for each device. SSL is the protocol that provides the encryption. SSL certificates are installed on pages that require end users to submit sensitive information over the internet, like credit card details or passwords. The certificate data is managed on the blockchain, so fake certificates will never work.
To successfully tamper with a blockchain, one needs to:
- tamper with all the blocks of a chain;
- redo the proof of work for each block;
- take control of 50% of the peer-to-peer network.
Only then will a tampered block be accepted by everyone else. This is almost impossible to do, which protects the certificates.
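The certificate check and the tamper resistance described above can be seen together in a small added example (not REMME's code or protocol): a toy proof-of-work ledger of certificate fingerprints. The byte strings standing in for certificates, the difficulty value and all function names are constructed for illustration.

```python
import hashlib, json

DIFFICULTY = 3          # required leading hex zeros (toy value, assumption)
GENESIS = "0" * 64

def fingerprint(cert_bytes):
    return hashlib.sha256(cert_bytes).hexdigest()

def block_hash(b):
    body = [b["index"], b["prev"], b["cert_fp"], b["status"], b["nonce"]]
    return hashlib.sha256(json.dumps(body).encode()).hexdigest()

def mine(b):
    """Proof of work: bump the nonce until the hash meets DIFFICULTY."""
    b["nonce"] = 0
    while not block_hash(b).startswith("0" * DIFFICULTY):
        b["nonce"] += 1
    b["hash"] = block_hash(b)
    return b

def append(chain, cert_bytes, status):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append(mine({"index": len(chain), "prev": prev,
                       "cert_fp": fingerprint(cert_bytes), "status": status}))

def first_invalid(chain):
    """Index of the first block that fails validation, or None if the chain is sound."""
    prev = GENESIS
    for b in chain:
        h = block_hash(b)
        if b["prev"] != prev or b["hash"] != h or not h.startswith("0" * DIFFICULTY):
            return b["index"]
        prev = h
    return None

def cert_accepted(chain, cert_bytes):
    """Accept only if the chain validates and the latest record for this cert is 'issued'."""
    if first_invalid(chain) is not None:
        return False
    records = [b["status"] for b in chain if b["cert_fp"] == fingerprint(cert_bytes)]
    return bool(records) and records[-1] == "issued"

def build_demo_chain():
    chain = []   # constructed sample records, not real certificates
    append(chain, b"constructed-cert-laptop", "issued")
    append(chain, b"constructed-cert-phone", "issued")
    append(chain, b"constructed-cert-phone", "revoked")
    return chain

if __name__ == "__main__":
    chain = build_demo_chain()
    print(cert_accepted(chain, b"constructed-cert-laptop"))   # registered and issued
    print(cert_accepted(chain, b"constructed-cert-forged"))   # never registered
    chain[1]["cert_fp"] = fingerprint(b"constructed-cert-forged")
    print(first_invalid(chain))   # the edited block no longer matches its hash
    mine(chain[1])
    print(first_invalid(chain))   # re-mined, but the next block no longer links
```

Re-mining the edited block only moves the failure to the next block, which is why every later block would have to be redone as well.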
2FA
REMME allows users to rely on two-factor authentication linked to a messaging service of their choice. For example, if a user wants to log in to their bank account, as a first step they need to click the button on their bank’s page, and in the second step they should also confirm a password sent to their phone.
Decentralised
REMME uses blockchain technology to create a distributed certificate management system. The data is stored on a distributed database where any hardware failure will not cause a data loss.
Fair Pricing
With REMME, there is no need to invest millions in sophisticated hardware or software. SSL/TLS technology is supported by almost every device.
In conclusion, we need a technology that protects our personal information. We depend on technology to prevent data breaches or misuse of information. REMME developed a technology that helps us in protecting personal data.