A New Approach To Passwords Security

Julia O'Toole
Dec 11, 2018
Passwords are the keys that open our online world

Passwords have become central to our lives. They are the keys that open the front door to our digital world, from our bank accounts to our communication accounts, our entertainment accounts to our social accounts.

While cyber breaches have increased by 75% in the last two years, Verizon reported that 81% were linked to weak, reused or stolen passwords in 2017. It can go like this: a social site, hotel server or telecom service gets breached, or company staff fall victim to a phishing attack. With credentials like name, login and password in hand, hackers can take records easily found on the dark web and try combinations or variations of them against services that most people use. As major data breaches are now recurrent, creating a strong, unique password for each account has become a critical step to stay safe online, and two-factor authentication should be enabled whenever possible.

Unfortunately, in the space of a few years, instead of needing 2–3 passwords, we now need 80–90+ passwords. Meanwhile, strong passwords carry an inherent difficulty: they are hard to remember. Caught between the sheer number of passwords and the difficulty of remembering them, people have increasingly looked to password managers for help.

Choosing a safe way to manage your passwords

There are two kinds of password managers on the market. In recent years, cloud password managers have become popular. You only need to remember a master password. Once you type in your master password, you can access all your passwords, which are stored in the cloud. While it is convenient, the risk is the same as if you had one single key that opens everything in your physical world. Because your passwords are now centralised behind a single password, that password becomes your single point of failure. If you forget that master password, lose it, or it gets stolen, you risk losing everything. The other important issue to note is that you store your passwords on the same servers as millions of other people. Not only do those servers constitute a prized target for cybercriminals and hackers, but if and when they get hacked, millions of people are instantly affected.

More recently, we found another way to solve the identity and access management headache. It starts with a radically different approach: rather than centralising passwords, the solution is based on a fully distributed, decentralised risk model. Instead of storing passwords in the cloud, passwords are encrypted and saved locally on the device. Instead of keeping all passwords behind a master password, passwords are stored under one, two or three levels of security depending on their sensitivity. And instead of using a master password, each user accesses their passwords with a unique combination of fingerprint, PIN, lock pattern, face ID and voice passphrase. Simply put, if your account email and password are leaked because of a data breach, your other accounts remain unaffected.

A trip back in time

If necessity is the mother of all invention, a trip back in time triggered the solution. A few years ago, while visiting the ancient Greek city of Mycenae, a simple logic applied in the Late Bronze Age caught my attention. The Mycenaeans had built their city inside three concentric walls of protection: the first gate protected the city, the second gate the garrison, the third gate the king. Applying the same logic, the Mycena Password Fortress mobile application was designed to make password security as simple as possible. The application turns your device into a portable electronic vault you keep with you. First, the app helps to generate a strong, unique password for each account, removing the pain of creating a new one yourself. Then you choose to save the password at Bronze, Silver or Gold level, our three levels of security. That’s all! Your password is saved, encrypted, on your device, not in the cloud.

For ultimate security, you, and only you, can access your passwords quickly and safely. And if you ever lose your device, a thief couldn’t access your passwords without your identifiers, including your biometrics, while you can simply reload your passwords onto a new device from an encrypted backup. In a way that is both innovative and straightforward, Mycena restores the password's original function as a proof of identity: only the person with the right password for that particular account can see what’s behind it.

Protecting critical data

Password security affects everyone and their family's safety

Even though password protection concerns everyone online, it is even more critical for organisations holding sensitive information to protect their passwords. Sectors where a data breach would endanger us all include defence, police, government, energy, water, utilities, infrastructure, technology, banking, healthcare, pharmaceuticals, transport, law…

Mycena is a mobile application for smartphones and tablets, downloadable from the App Store or Google Play. Companies can sign up for a free trial at https://mycena.co/business

Originally published at mycena.co on December 11, 2018.
