Tag: passwordless

Is vaccination certification the way to go?

We are almost two years into the COVID-19 world, and we have seen a good number of ways to control the pandemic. We now have vaccines, which will hopefully become better and better with time, and finally, the pandemic will be over. Along with the light at the end of the tunnel, there are some disadvantages to our privacy. Many governments decided to issue digital vaccination certificates and use them to grant access to locked-down social venues such as cinemas, bars, hotels, and concerts. However, we need to understand that such a solution comes with its burden, especially if it is not appropriately designed.

But what are the different methods of actually issuing a digital certificate for any data? We need a CA (certification authority) to sign our data in some way. In the paper world, this happens using the signature and the stamp of a notary. In the digital world, the certificate is signed by a computer using modern cryptographic methods. There are different mediums for this digitally signed certificate, and I shall cover them in a short list:

  • A printed certificate with QR code: For many years, the aviation industry has used QR codes for authentication purposes and a faster onboarding experience. The QR code contains signed data that is read at the boarding gate, and if it verifies correctly, the gate allows the passenger to pass through. This method gives good privacy, but you will need to keep the paper with you constantly, which is especially true in the case of a vaccination certificate. Additionally, everyone can read the QR code.
  • A digital record based on your data: Almost every person on Earth has a personal identification number issued by his/her country of origin. The government could base the vaccination certificate on this number and record your number of shots on an online server. However, this is the worst method in terms of privacy, because a vaccination plan is usually personal data and must have a proper authentication mechanism defending it.
  • NFC-based certificate: Modern digital ID cards use this technology to keep a signed copy of your data. This way, everyone with an NFC reader can read the data from your card and verify it using the stored digital X.509 certificate. As opposed to the paper solution, the NFC one is reprogrammable, which means we could reuse the same card/chip to update the data with more medical information, and everything stays locally in the card. This option is the best in terms of privacy. However, you will need a purse or backpack that shields the card from NFC readers to keep the data safe.

On the diagram, you can see the technical layout of a standard NFC solution. The reader sends energy and data using electromagnetic fields. The NFC data storage is passive and usually does not have a battery.
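A sketch of the signed QR certificate from the list above, as an added example that is not part of the original post. A constructed Ed25519 key pair stands in for the certification authority, and the payload fields (`sub`, `doses`, `exp`) and the `payload.signature` text layout are assumptions. It shows that the payload is signed rather than encrypted, so anyone can read it, while any change to it fails verification.

```javascript
const nodeCrypto = require("node:crypto");

// Constructed issuer key pair standing in for the certification authority (CA).
const issuer = nodeCrypto.generateKeyPairSync("ed25519");

// Issuer side: sign the claims and pack them as "<payload>.<signature>" (base64).
// This text layout is an assumption made for the example, not a real pass format.
function issueCertificate(claims, privateKey) {
  const payload = Buffer.from(JSON.stringify(claims));
  const signature = nodeCrypto.sign(null, payload, privateKey);
  return payload.toString("base64") + "." + signature.toString("base64");
}

// Anyone who scans the code can decode the payload: it is signed, not encrypted.
function readPayload(qrText) {
  return JSON.parse(Buffer.from(qrText.split(".")[0], "base64").toString());
}

// Verifier side: only the issuer's public key is needed, no online lookup.
function verifyCertificate(qrText, publicKey, now = Date.now()) {
  const parts = qrText.split(".");
  if (parts.length !== 2) return { valid: false, reason: "malformed" };
  const payload = Buffer.from(parts[0], "base64");
  const signature = Buffer.from(parts[1], "base64");
  // Check the signature before parsing or trusting any field of the payload.
  if (!nodeCrypto.verify(null, payload, publicKey, signature)) {
    return { valid: false, reason: "bad signature" };
  }
  const claims = JSON.parse(payload.toString());
  if (typeof claims.exp !== "number" || claims.exp <= now) {
    return { valid: false, reason: "expired" };
  }
  return { valid: true, claims };
}

// Constructed sample: the payload carries only what the gate needs to decide.
const sampleQr = issueCertificate(
  { sub: "holder-001", doses: 2, exp: 2000000000000 },
  issuer.privateKey
);
console.log(readPayload(sampleQr), verifyCertificate(sampleQr, issuer.publicKey, 1700000000000).valid);
```

A valid signature proves who issued the data, not who is presenting it: a copied code verifies just as well, so the verifier still has to match the holder against an ID.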

In conclusion, digital vaccination certificates can help governments control the pandemic. However, there are many privacy issues in the long term, which could affect the general population. For example, what happens if hackers manage to collect data on everyone, whether vaccinated or not, and create illegal lists of people, which employers can later use to decide whether or not to hire a given candidate? There are already cases of illegal lists based on chronic diseases being distributed on the black market. We could easily see a similar future for our vaccination passport data.

Is Identity-Based Passwordless Authentication the Way to Go?

User identity and security in organizations have long been reinforced by the use of strong passwords. Access to user accounts tends to be restricted based on the specific password typed. However, that has changed with the rise of technology that is wiping away the traditional password methods. Although some organizations still prefer passwords, authentication is slowly evolving to be passwordless for reasons of convenience and efficiency. Identity-based passwordless authentication is the focus of organizations and IT migration.

Passwordless authentication helps curb the insecurity that is common in organizations. The trends in cybercrime require that organizations implement robust security measures to help minimize the consequences.

Most technology-driven organizations have already implemented identity-based passwordless authentication. One popular method uses biometric authentication as the main component of identity-based passwordless authentication. It uses biological features to build some of the most effective solutions for signing into information systems and corporate portals. A better approach to managing user profile security and accessibility is to leverage biometric features and integrate them with IT to promote a seamless identification process. However, it is essential to ensure that the biometric data stays on your device and is adequately encrypted. Otherwise, once stolen, anyone can reuse it. Other methods use public and private key cryptography directly to achieve the same results.

You can see a sample passwordless authentication architecture on the diagram. Users use a gesture to unlock a hardware device, and different apps use the private key stored in this hardware device to sign a random token. Later, this signature is verified on the server.
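The flow described above, as an added example that is not part of the original post: a simulated device signs a random token and the server verifies it with the registered public key. The class names, the `userGesture` flag standing in for the unlock gesture, the P-256 curve and the 60-second challenge lifetime are assumptions; the single-use and expiry checks go slightly beyond the text to show how a captured signature is kept from being replayed.

```javascript
const nodeCrypto = require("node:crypto");

const CHALLENGE_TTL_MS = 60000; // assumed lifetime of a login challenge

// Device side: simulated hardware authenticator. The private key stays inside it.
class Authenticator {
  #privateKey;
  constructor() {
    const pair = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.publicKey = pair.publicKey; // handed to the server at registration
    this.#privateKey = pair.privateKey;
  }
  // userGesture stands in for the PIN or biometric check that unlocks the device.
  sign(challenge, userGesture) {
    if (!userGesture) throw new Error("device locked");
    return nodeCrypto.sign("sha256", challenge, this.#privateKey);
  }
}

// Server side: stores public keys only, so a database leak exposes no login secret.
class Server {
  constructor() {
    this.publicKeys = new Map();
    this.pending = new Map();
  }
  register(user, publicKey) {
    this.publicKeys.set(user, publicKey);
  }
  newChallenge(user, now = Date.now()) {
    const challenge = nodeCrypto.randomBytes(32); // the random token to be signed
    this.pending.set(user, { challenge, issuedAt: now });
    return challenge;
  }
  verify(user, signature, now = Date.now()) {
    const entry = this.pending.get(user);
    const publicKey = this.publicKeys.get(user);
    this.pending.delete(user); // single use: a captured signature cannot be replayed
    if (!entry || !publicKey) return false;
    if (now - entry.issuedAt > CHALLENGE_TTL_MS) return false;
    return nodeCrypto.verify("sha256", entry.challenge, publicKey, signature);
  }
}
```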

Restricted access under passwordless protection is unique to each user and robust. Its features help promote quality and proper protection techniques, which are vital. Having considered diverse approaches and key organizational security management measures, organizations have opted for identity-based passwordless authentication.

Cybersecurity is a significant concern, with hackers targeting high-profile organizations and creating weak points while accessing sensitive information. According to recent research, technological migration has been towards passwordless identification. Users do not have to use password authentication to access their organizational profiles. Integrating and leveraging passwordless methods is therefore vital in implementing the proper security protocols to achieve the desired security goals.

The feasibility of identity-based passwordless authentication is another competitive advantage. Passwords are tedious. Every time you enter one, you lose time, which is a significant impediment to a smooth work process. Most employers prefer passwordless authentication because they implement strategic and focused measures to improve access levels and ensure necessary and fundamental elements.

Passwords are the primary targets for hackers, since they only have to master the keywords and the process execution to crack the security architecture. Biometric technology is the best way for an organization to focus on and advance its security needs, mainly by implementing efficient identification processes.

According to attackers’ behavior analytics, one strategy to reduce attacks is to sensitize people to implement passwordless authentication. Natural features are unique, and the level of security provided by investing in such technology is excellent. However, the future will show whether it will help to improve safety and to meet various businesses’ needs regarding cybersecurity solutions.