Blockchain as the Solution to the Insecurity of Passwords

Passwords alone can no longer meet our security needs.

According to the 2018 Verizon Data Breach Investigations Report, 81% of hacking-related breaches were due to poor password management.

With an unprecedented number of data breaches in the last 12 months, corporates and individuals are asking themselves whether it is worthwhile to continue to use antiquated, incomplete, or weak security measures to safeguard vital information entrusted to them.

Some solutions, such as two-factor authentication, have gone part of the way to fixing the problem; however, reports of information loss and security breaches persist.

The problem is a thorny one, password management is weak, websites are insecure and so our data lies with corporations who manage the websites but are vulnerable to hacking. Increasingly, this state of affairs is becoming unpalatable.

One solution is to reverse the state of affairs and use blockchain to eliminate the need for individual companies to store passwords in their database, fundamentally changing user authentication.

In blockchain-based systems, each user receives a public key and a private key, and can only directly authenticate themselves by using these key pairs. The blockchain stores the public key while only the user retains the private key.

Public keys identify users (and companies) thereby providing a means to transparently track who did what and when on the blockchain. The corresponding private keys, ideally secured on a hardware device, authenticate actions carried out on the chain.

By having your private key embedded on your hardware device, it is no longer stored in an application database, which is often the target of data breaches. Indeed, even the user will not necessarily know their private key, enhancing security, and putting them in complete control of their credentials.

The interaction between users and applications built on a blockchain protocol with the additional use of hardware keys, creates a seamless and passwordless experience, and provides a much more robust and protected environment when users are online. Protocols like EOSIO, which is published by Block.one, make this a core feature. As Tayo Dada, Founder and CEO of Uncloak, “the world’s first blockchain-powered cyber-threat solution”, emphasizes, “The immutability of the blockchain provides a whole new level of protection. [And] EOSIO offers us a high-speed, highly-secure Delegated Proof of Stake blockchain”, which “Uncloak uses for… permission access to data from different groups of users, obfuscated data management for ensuring that customer information is kept private, a time-lock on data, and storage of IP/copyright data for hunter who find new vulnerabilities”.

It’s vastly different from what most of us have to live with today. Traditional centralized password-structured systems, commonly used by web applications, actually provide an opportunity for hackers to concentrate on one central target that houses all of a users’ personal information. In contrast, the decentralized nature of blockchains are specifically built with security programmed directly into the code, forcing a hacker to consider that there is no longer a single attack target as the user retains their private key on their own device.

In Deloitte’s 2018 Global Blockchain Survey, 84% of company executives agreed with the statement that blockchain-based solutions were more secure than conventional information technologies. Additionally, 74% of participants said their companies either already participate in or will likely join a blockchain association as an informational resource to learn about the various applications of the technology. As companies continue to engage with blockchain, the adoption of this more secure technology is on the horizon.

The International Data Corporation expects spending on blockchain technology to reach $11.7 billion by the year 2022, with an annual growth rate of 73.2%. Bill Fearnley, Jr., research director for Worldwide Blockchain Strategies, said that this is primarily driven by corporations looking to secure data while transforming their traditional business security practices.

Despite attempts to strengthen passwords, via length or complexity in character selection, traditional authentication systems cannot compete with the cryptographic strength offered by a key pair.

EOSIO has become the most used blockchain in the world in part because of the security features it offers — even to applications that want to provide only highly customized access of information with only minor configuration.

The security features also mean that if an account is compromised for some reason, the rest of the database and all other users remain secure.

By placing an emphasis on user’s privacy and security, EOSIO has given blockchain an additional much needed utility, which is highly valuable to users: keeping safe the integrity of their data.

In the future, blockchains, as simple and secure systems, can become part of common-sense security practices for corporations across various industries, forming the underlying technology behind securing data. The implications are that blockchain will extend far beyond corporate and government data management liability reduction, but put ownership of data back in the hands of users.

Blockchains, like EOSIO, are raising the bar in preserving data security and will continue to distinguish themselves as the leading solution in safeguarding sensitive information online. Users, on a blockchain, will simply reap the benefits of living a simpler and more secure digital life that reduces fraud and once again, instills trust online.


Disclaimer

Block.one is a software company that is producing the EOSIO software as a free, open-source protocol. This software may, among other things, enable those who deploy it to launch a blockchain, or decentralized applications with various features. For more information, please visit https://github.com/eosio. Block.one does not provide financial support to anyone seeking to become a block producer on any version of the EOSIO platform that may be adopted or implemented.

Block.one will not be launching any of the initial public blockchains based on the EOSIO software. It will be the sole responsibility of third parties, the community, and/or those who wish to become block producers, to adopt and implement EOSIO in the manner they choose, with the features they choose, and/or providing the services they choose. Block.one does not guarantee that anyone will adopt or implement such features, or provide such services, or that the EOSIO software will be adopted and implemented in any way.

Block.one does not endorse any third party or its products or services, even if they are mentioned herein. Block.one is not responsible for any linked content.

Please note that the statements herein are an expression of Block.one’s vision, not a guarantee of anything. While we will try to make that vision come true, all aspects of it are subject to change in all respects at Block.one’s sole discretion. We call these “forward looking statements”, which includes statements in this document, other than statements of historical facts, such as statements regarding Block.one’s business strategy, plans, prospects, developments and objectives. These statements are only predictions and reflect Block.one’s current beliefs and expectations with respect to future events; they are based on assumptions and are subject to risk, uncertainties and change at any time.

We operate in a rapidly changing environment. New risks emerge from time to time. Given these risks and uncertainties, you are cautioned not to rely on these forward-looking statements. Actual results, performance or events may differ materially from what is predicted in the forward-looking statements. Some of the factors that could cause actual results, performance or events to differ materially from the forward-looking statements include, without limitation: market volatility; continued availability of capital, financing and personnel; product acceptance; the commercial success of any new products or technologies; competition; government regulation and laws; and general economic, market or business conditions.

All statements are valid only as of the date of first posting and Block.one is under no obligation to, and expressly disclaims any obligation to, update or alter any statements, whether as a result of new information, subsequent events or otherwise. Nothing herein constitutes technological, financial, investment, legal or other advice, either in general or with regard to any particular situation or implementation. Please consult with experts in appropriate areas before implementing or utilizing anything contained in this document.

The ideas and information expressed herein are solely those of the author and do not necessarily reflect the positions, views or advice of Block.one or any other employee of Block.one.


Originally published at block.one.