Blockchain as the Solution to the Insecurity of Passwords

Passwords alone can no longer meet our security needs. According to the 2018 Verizon Data Breach Investigations Report, 81% of hacking-related breaches were due to poor password management.

With an unprecedented number of data breaches in the last 12 months, corporates and individuals are asking themselves whether it is worthwhile to continue to use antiquated, incomplete, or weak security measures to safeguard vital information entrusted to them.

Some solutions, such as two-factor authentication, have gone part of the way to fixing the problem; however, reports of information loss and security breaches persist.

The problem is a thorny one, password management is weak, websites are insecure and so our data lies with corporations who manage the websites but are vulnerable to hacking. Increasingly, this state of affairs is becoming unpalatable.

One solution is to reverse the state of affairs and use blockchain to eliminate the need for individual companies to store passwords in their database, fundamentally changing user authentication.  

In blockchain-based systems, each user receives a public key and a private key, and can only directly authenticate themselves by using these key pairs. The blockchain stores the public key while only the user retains the private key.

Public keys identify users (and companies) thereby providing a means to transparently track who did what and when on the blockchain. The corresponding private keys, ideally secured on a hardware device, authenticate actions carried out on the chain.

By having your private key embedded on your hardware device, it is no longer stored in an application database, which is often the target of data breaches. Indeed, even the user will not necessarily know their private key, enhancing security, and putting them in complete control of their credentials.

The interaction between users and applications built on a blockchain protocol with the additional use of hardware keys, creates a seamless and passwordless experience, and provides a much more robust and protected environment when users are online. Protocols like EOSIO, which is published by Block.one, make this a core feature. As Tayo Dada, Founder and CEO of Uncloak, “the world’s first blockchain-powered cyber-threat solution”, emphasizes, “The immutability of the blockchain provides a whole new level of protection. [And] EOSIO offers us a high-speed, highly-secure Delegated Proof of Stake blockchain”, which “Uncloak uses for… permission access to data from different groups of users, obfuscated data management for ensuring that customer information is kept private, a time-lock on data, and storage of IP/copyright data for hunter who find new vulnerabilities”.

It’s vastly different from what most of us have to live with today. Traditional centralized password-structured systems, commonly used by web applications, actually provide an opportunity for hackers to concentrate on one central target that houses all of a users’ personal information. In contrast, the decentralized nature of blockchains are specifically built with security programmed directly into the code, forcing a hacker to consider that there is no longer a single attack target as the user retains their private key on their own device.

In Deloitte’s 2018 Global Blockchain Survey, 84% of company executives agreed with the statement that blockchain-based solutions were more secure than conventional information technologies. Additionally, 74% of participants said their companies either already participate in or will likely join a blockchain association as an informational resource to learn about the various applications of the technology. As companies continue to engage with blockchain, the adoption of this more secure technology is on the horizon.

The International Data Corporation expects spending on blockchain technology to reach $11.7 billion by the year 2022, with an annual growth rate of 73.2%. Bill Fearnley, Jr., research director for Worldwide Blockchain Strategies, said that this is primarily driven by corporations looking to secure data while transforming their traditional business security practices.

Despite attempts to strengthen passwords, via length or complexity in character selection, traditional authentication systems cannot compete with the cryptographic strength offered by a key pair.   

EOSIO has become the most used blockchain in the world in part because of the security features it offers – even to applications that want to provide only highly customized access of information with only minor configuration.

The security features also mean that if an account is compromised for some reason, the rest of the database and all other users remain secure.

By placing an emphasis on user’s privacy and security, EOSIO has given blockchain an additional much needed utility, which is highly valuable to users: keeping safe the integrity of their data.

In the future, blockchains, as simple and secure systems, can become part of common-sense security practices for corporations across various industries, forming the underlying technology behind securing data. The implications are that blockchain will extend far beyond corporate and government data management liability reduction, but put ownership of data back in the hands of users.

Blockchains, like EOSIO, are raising the bar in preserving data security and will continue to distinguish themselves as the leading solution in safeguarding sensitive information online. Users, on a blockchain, will simply reap the benefits of living a simpler and more secure digital life that reduces fraud and once again, instills trust online.

Important Note: All material is provided subject to this important notice and you must familiarize yourself with its terms. The notice contains important information, limitations, and restrictions relating to our software, publications, trademarks, third-party resources and forward-looking statements. By accessing any of our material, you accept and agree to the terms of the notice.