Keep Forgetting Passwords? Blockchain Is Here to Make Your Data Hackproof
Are you having trouble remembering your passwords? Check out this post on how blockchain could be the solution.
Our passwords are the keys that open the doors to our most private information, the things we want to keep exclusively to ourselves. They protect our bank accounts, personal letters, messages, and our life. Even after creating dozens of alphanumeric combinations, we can never be sure that the information they protect will not fall into the hands of fraudsters.
Why Did Passwords Turn Into a Vulnerability?
Still the most common user authentication method, passwords have historical roots and are based on the principle of accessing data on a trusted device (server). This method proves fairly effective when the computer is isolated from the network. However, neither the Internet nor a remote server can serve as an unhackable environment. The good old “legacy” paradigm no longer works.
Well-known cases of hacking into user accounts are perfectly illustrative. Some of the biggest scandals include the ones around the Yahoo! hack in 2012, Apple’s iCloud photo leak, 5 million stolen Gmail passwords in 2014, and the leaking of several million AdultFriendFinder social network accounts in 2016.
Even a two-factor authentication system is vulnerable. Having disclosed their password at least once (e.g. when logging in to an application or browser for authorization purposes), the user is no longer protected from potentially malicious actions of those on the other side of the screen. It is the password that fraudsters target so vigorously.
Now, let us count how many services we use in our everyday lives. One way or another, you are registered in a couple of popular social networks. Online banks are also a fairly common and useful service that is simply part of today’s life. If you travel, you are likely to have accounts on ticket and hotel booking websites, not to mention online store accounts. Try using the same password for all those services and be assured that you are using the worst security strategy. Lose it once and you put all your personal data at risk, including your finances. On the other hand, a special complex combination of symbols for every single website is next to impossible. We have another problem here: passwords are numerous. They can be lost or forgotten. Keeping them on a piece of paper implies obvious risks. That said, the more secure your password is, the more difficult it is to remember.
A forgotten password seems to be restorable, but restoring it is highly challenging when it comes to major services. Your online bank service will hardly give you access to your account until they thoroughly analyze this "suspicious person" that you automatically became for them. The only possible solution, in this case, is to make a written request to your bank for account recovery.
Common Password Issues
- Low data protection security.
- Risk of passwords leaking onto the Internet and to poorly protected web services.
- Centralized storage of user data by companies adds to the risk of password theft when a storage system is hacked.
- The need to store a whole range of passwords for different services.
- Non-restorability of a lost password or high recovery costs.
- Continuous password change needed to mitigate the risks of data misuse in case a password has already fallen prey to a perpetrator.
- The use of simple passwords and the possibility of multiple password re-entry increase the risks of hacking.
Attempts to Deal With Password Storage Issues
The issues above long remained unresolved. The architecture of most networks implies centralization to a certain extent. Even the SSL (Secure Sockets Layer) certificate technology, once a breakthrough, has offered no solution, since it only encrypts the service communication channel, with certificates being issued on a centralized basis.
Password storage services, like KeePass, eWallet, LastPass, or 1Password, became a solution for many. You have to remember one password, and the remaining passwords are encrypted and stored in the service database. Their advantage is that new versions always support state-of-the-art encryption methods, whereas user-friendly interfaces allow information to be retrieved from the system quickly and easily (by means of copying, auto expand, etc.). However, the issue of centralization remains open. The user entrusts their password to a certain system that stores all information in a single database. Passwords can be convenient and easy to store in such services, but security cannot always be guaranteed. Recall the LastPass data leak in 2015, in which encrypted passwords, password reminders, and user e-mails were disclosed.
Addressing the Authentication Issue
Blockchain technologies are the ones to revolutionize the password-use approach, making it totally secure and user-friendly. Passwords can be brought out of use, thus completely removing the human factor from the authentication process. It is time for a new generation of services based on blockchain platforms with high speed and low fees, e.g., EOS.IO or Credits, the latter being well-known for processing up to 1,000,000 transactions per second and using cutting-edge encryption algorithms.
User network authentication systems can be based on password encryption through the use of private keys. The same technology is used by blockchain networks for transaction verification purposes.
A private key is a random 256-bit symbol sequence. The number of such keys is virtually endless. If we try to guess a private key value by processing up to a trillion combinations per second, even the age of our universe will hardly be enough! The sheer number of possible private keys plays a fundamental role in protecting the blockchain network.
The blockchain of EOS.IO, Credits, or any other platform will store the passwords encrypted with your private key. Any person will be able to launch an application using their smartphone in order to manage password access. Once you are logged in to a service, the application will find and decipher the relevant password of any complexity. It will further create and record on the blockchain a new password for your next connection to that service as needed.
Moreover, instead of leaving your personal data duplicated across the centralized databases of various services, you can provide it in encrypted form upon request.
As a result, the ability to store sensitive personal data on the blockchain will eliminate the need for the services’ centralized password databases. Password server hacks, phishing, the capture of Internet connections, and other currently known attacks will no longer be relevant. All the user will have to do is keep their private key in a safe place.
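The scheme described above, sketched in Python as an added example (not code from the article, EOS.IO or Credits): per-service passwords are encrypted on the client under subkeys of a 256-bit private key and appended to a public, append-only ledger. The `Ledger` class, the record layout and the HMAC-SHA256 encrypt-then-MAC construction are assumptions chosen so the sketch runs on the standard library; a real client would use a vetted AEAD such as AES-GCM.

```python
import hashlib, hmac, secrets

def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 used as a keyed PRF over length-prefixed parts."""
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (prf(key, nonce, i.to_bytes(4, "big")) for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(priv: bytes, service: str, password: str) -> dict:
    """Encrypt-then-MAC under subkeys of the private key (stand-in for an AEAD)."""
    nonce, pt = secrets.token_bytes(16), password.encode()
    ct = bytes(a ^ b for a, b in zip(pt, keystream(prf(priv, b"enc"), nonce, len(pt))))
    lookup = prf(prf(priv, b"idx"), service.encode())  # hides the service name on-chain
    tag = prf(prf(priv, b"mac"), lookup, nonce, ct)
    return {"lookup": lookup, "nonce": nonce, "ct": ct, "tag": tag}

def unseal(priv: bytes, rec: dict) -> str:
    expected = prf(prf(priv, b"mac"), rec["lookup"], rec["nonce"], rec["ct"])
    if not hmac.compare_digest(expected, rec["tag"]):
        raise ValueError("wrong key or modified record")
    ks = keystream(prf(priv, b"enc"), rec["nonce"], len(rec["ct"]))
    return bytes(a ^ b for a, b in zip(rec["ct"], ks)).decode()

class Ledger:
    """Append-only list standing in for the chain: public, nothing is ever deleted."""
    def __init__(self):
        self.records = []
    def append(self, rec: dict) -> None:
        self.records.append(rec)
    def history(self, priv: bytes, service: str) -> list:
        lookup = prf(prf(priv, b"idx"), service.encode())
        return [r for r in self.records if r["lookup"] == lookup]

def rotate(ledger: Ledger, priv: bytes, service: str) -> str:
    """Generate the password for the next login and record it, encrypted."""
    password = secrets.token_urlsafe(24)
    ledger.append(seal(priv, service, password))
    return password

def current_password(ledger: Ledger, priv: bytes, service: str) -> str:
    return unseal(priv, ledger.history(priv, service)[-1])
```

Because nothing on the ledger can be deleted, every earlier record stays decryptable: anyone who later obtains the private key recovers the full password history, and switching to a new key does not protect records already published.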
Advantages of Blockchain Technology
- Service availability for every user. Next-generation blockchain platforms are characterized by high data processing speed, scalability, and unlimited geography.
- Convenient reading of privately accessible data.
- Data invariability — once recorded, data can be neither modified nor deleted. Passwords or personal data cannot be lost.
- There is no need to remember numerous passwords; it is enough to keep your private key and protect it from outsiders.
- State-of-the-art encryption methods: the Credits platform, for instance, generates keys using elliptic curves based on ecdsa25519, which is the best method for such systems. It means that any user data will remain protected.
- Blockchain platform functions can be enhanced much more easily than it may at first seem. The technology offers far more opportunities than simple operations involving intangible assets. Its key benefits are security and reliability.