President-elect Trump may need to add purging the password to his long ‘To-Do’ list. In a new report by the Commission on Enhancing National Cybersecurity, the group warned President Obama that password hacks are on the rise. “Identity, especially the use of passwords, has been the primary vector for cyber breaches-and the trend is not improving despite our increased knowledge and awareness of this risk” cites the report. “We are making it too easy for those who seek to do harm, whether they be nation-states, well-organized criminal groups or online thieves” it states.
Passwords, once the gold standard to protect your privacy, are now more than passé, they’ve become a liability. The outdated technology is costing individuals and corporations billions as they deal with cyber-hacking, identity theft and in the case of the Democratic National Committee’s e-mail hack earlier this year, possibly even influencing voter sentiment ahead of the 2016 presidential election.
“Passwords are easy to guess, often, and you have to share it with the site you are logged into so the site has a copy, you have a copy and all it takes is the breach of a site” to be compromised, warned former Netscape Co-Founder Jim Clark during a sit down with FOXBusiness.com.
The tech pioneer, who founded Netscape along with Marc Andreessen which was later sold to AOL (NYSE:VZ) in 1998, says his company developed a solution 20-years ago. Known as Transport Layer Security (TLS), the technology uses “Public Key Certificates” [developed at MIT in the late 70’s] to make the authentication and encryption process automatic.
“The certificate is a signed, kind of a notarized digital passport you can’t alter and you get to share with everyone, and if everyone knows your Certificate they can send you messages encrypted with that…In the case of a web site [that] has a Certificate, when you log into the web site and you connect to that website it automatically verifies that [it] is the proper website and you can’t be spoofed” explains Clark.
Clark notes the technology, when developed years ago, was ahead of its time. However, as the password proves easier prey for hackers, and tech infrastructure becomes more advanced, Clark says a wider-adoption of Certificates is a no-brainer.
“I was frustrated so I started this new company called CommandScape and I said guys we are going to use a Certificate like it is supposed to be used, we are going to give our users Certificates so they’ll never have to type in a password” he said.
Certificates run and are supported by Amazon Web services (NASDAQ:AMZN) via a log-in connection facility. You can use your phone to go to your home or business digitally via the cloud [simply a remote computer] and you specify your destination. Then you are connected and authenticated by the site’s server. No password needed.
While the U.S. has yet to widely adopt the password-less technology other countries are getting on board. The German government for example is among the countries using Certificates when citizens file their taxes.
While passwords at one time were the near-perfect protection, the technology has not kept pace with the exploding internet and ballooning world of the cloud. Even changing your password multiple times a year doesn’t cut it anymore. So why are banks, companies and workplaces still using them?
“Many of these corporations don’t realize you can actually issue certificates for users…. and to a certain degree they’re lazy, it means making a big change” laments Clark.
This is part of FOXBusiness.com’s Industry Forecast series that deep dives into cloud innovations across global businesses.