By Sharat Chandra, Blockchain & Emerging Tech Evangelist
Multiple studies have established the fact that passwords are the weakest link in security. More than 40 % of people reuse their passwords across different platforms. A Verizon report which analyzed two thousand data breaches found that more than 20 % of data breaches happen due to credential thefts. Forrester says that a password reset costs close to $40-$50 per call. Remembering passwords is not easy and writing them down is not a safe practice. Most organisations mandate their employees to change passwords of applications they use every month or every three months. It has been observed that employees add a letter or a digit to a previously used password or save passwords on their phones which are prone to hacking by cybercriminals.
Passwords present different sets of challenges to the information technology departments. The onus of storing passwords securely is on the IT department, and any failure in reporting data breach to regulatory authorities can result in massive penalties. It’s time organisations should eschew passwords and embrace blockchain-based passwordless authentications solutions.
How passwordless authentication, powered by blockchain, works?
Passwordless authentication is one of the forms of Multi-Factor Authentication(MFA) and uses either fingerprints or biometrics. A blockchain-based passwordless authentication solution replaces usernames and passwords with biometrics thereby mitigating risks and uses zero trust security to enhance employee experience. By leveraging DID(Decentralized Digital Identity), organisations can improve the security of their network and enterprise applications.
A secure mobile application, supported by blockchain, can be used to capture face and fingerprints. Biometrics are often related to corporate credentials and can be used to empower employees to authenticate by using their biometrics, thereby making usernames and passwords redundant. There are multiple passwordless authentication solutions, built on blockchain, which can integrate with Active Directory easily. Blockchain allows enterprises to encrypt identity data of users and replicate them across online servers. Decentralization ensures that there is no single point of failure. Immutable nature of the distributed ledger technology captures the audit trail of all verifiable claims.
Decentralised Digital Identity (DID) Based Authentication Services :
DID based authentication services offer three types of roles to an entity: Issuer, Prover & Verifier.
*Issuer: An issuer is generally an organisation within the network. The issuer is authorized to act upon claim request from Prover to establish proofs.
*Prover: A prover is required to establish his/her digital identity by raising claim requests.
*Verifier: A verifier confirms the authenticity of the Prover.
Proofs can be saved in a wallet app on mobile devices.
Benefits of DID based authentication solutions:
User Experience: Passwordless authentication enhances user experience significantly and saves the trouble of remembering passwords.
Privacy: The proof of decentralized digital identity is stored on the ledger, thereby ensuring user privacy.
Additional Security: For critical business applications, blockchain-based passwordless authentication solutions can be coupled with other authentication solutions to provide an extra layer of security.
Passwordless authentication solutions built on blockchain not only improve the user experience, security but help organisations in complying with privacy regulations such as GDPR. Simplify compliance and future proof your business against password breaches by adopting a passwordless authentication solution powered by DLT . For greater adoption, interoperability and standardization across different passwordless authentication solutions, built on public or private blockchains, bodies like Decentralized Identity Foundationare working closely with leading solution providers and blockchain companies.
If you have an interesting article / experience / case study to share, please get in touch with us at firstname.lastname@example.org