Passwords are broken — here’s how security should look
For anyone who’s been in the crypto space for even a short period of time, hardware wallets such as the Ledger Nano S or Trezor are invaluable. At their core these devices are key generators that can sign messages and that expose no interface for moving the private keys off the device.
The coup de grâce that really ties this together is the set of HD wallet Bitcoin Improvement Proposals (BIPs 32, 39 and 44). HD expands to Hierarchical Deterministic: in practice it shows up as a 12- or 24-word mnemonic from which all of the device’s key pairs are derived, so anyone with access to these words can regenerate every key pair. The chances of someone coming up with the same sequence of 24 words are something like 1 in a quintillion, i.e. asteroid-hitting-Earth kind of odds.
With these preliminaries out of the way, here’s how I see web security being implemented:
- A hardware device (much like the Ledger Nano S) is connected to a user’s computer.
- The first time the user plugs it in, it asks the user to choose a user_name, generates a key pair from a proper source of randomness, and stores the user_name => public key mapping on a public blockchain. Civic is doing something similar, as is Keybase.
- The user visits a site (say facebook.com).
- Once the page loads, a browser extension talks to the device and asks it to sign a transaction. This requires the user to physically interact with the hardware device to approve the login attempt, so there is no more worrying about key loggers on a compromised computer. Assuming the user confirms, the signed transaction is stored on a different public blockchain and its transaction hash is sent to the servers of the corresponding domain (in this case facebook.com). They look up whether there is a corresponding user in their system and, if so, create a session for that user with an API token that has a TTL.
Why bother?
The obvious wins are:
- Protection against key loggers and malware on machines capturing your password
- Protection against man in the middle attacks — unless the mnemonic has been compromised
- No more having to remember and come up with unique passwords
- Reduced IT overhead for managing access to resources. More sophisticated models that take security up a notch, for example using Shamir’s secret sharing, can be built on this approach.
- Finally, users truly control access. Nothing happens unless they sign a transaction on a public blockchain with private keys that never leave their hardware device, which makes security and privacy far easier to reason about.
Blockchain tech was built for this and it is being used for $$. Next step, security.
