Jim Clark, co-founder of Netscape and Shutterfly, weighs in on the flaws of current cyber security efforts in place to prevent hacks.
Continue Reading Below
Clark discussed the rise in security breaches facing business of all sizes as well as organizations and government agencies.
âRecently thereâs been a spate as you know of disruptions, the DNC getting emails tapped and small business owners getting their machines encrypted so that they couldnât do business and having to pay Bitcoin ransom and thereâs, you know, massive password theft at companies like Yahoo. So weâre seeing it in a lot of different places,â Clark told the FOX Business Networkâs Maria Bartiromo.
Clark sees the use of passwords as a weak link in efforts to improve cyber security.
âIn the end it all, in one way or another, points to this deficiency I call it, that we call a password.â
Clark then went into greater depth as to why he sees the use of passwords as a deficiency.
âYou donât want to use it for access to a site because that requires that the site have a copy. You see, passwords are deficient because they amount to a shared secret. And thereâs that old joke, âa secret is something you tell one person at a time.â And the thing about a secret, this particular secret, you donât want anyone to know.â
Because of this, Clark added, âYouâve got to get out of passwords, thereâs no question about that.â
Clark explained the certificate concept used to authenticate websites.
âThe certificate concept has been around for years. Itâs used to authenticate and make sure that youâre connecting to Google, make sure youâre connected to Yahoo. Any site you go to has a certificate. And that certificate is issued by a certification authority â thereâs a complete infrastructure for dealing with that kind of issue.â
Clark says that this certification could be implemented for users as well to replace the need for passwords.
âThe exact same mechanism can be used to authenticate users, so users need to be issued a certificate, then they donât need a password and this certificate gets shared with everyone because it canât be altered, it canât be messed with. If you mess with it, Itâs no longer valid.â