Blockchain is best known for its use in cryptocurrencies like Bitcoin, but it also holds significant applications for online authentication. As businesses in varying sectors increasingly embrace blockchain-based security tools, could the technology one day replace passwords?
How blockchain works
Blockchain is a secure way to maintain, encrypt, and exchange digital records of transactions. Its security benefits stem from its decentralized nature: this distributed ledger can be accessed by participants across various nodes, and is unalterable. All users retain control as a group, meaning no single person can change the ledger.
How could this provide security benefits? One advantage is the ability to create a ‘self-sovereign ID’ that alters the way that a user identifies themselves online. Essentially, it creates a private ID for a user that they control, rather than relying on a centralized institution: they can logon to a particular website or service using their identity on the blockchain.
These identities utilize cryptographic keys, rather than passwords: your private key would be used to authenticate you through verification with a corresponding public key. It could be further bolstered by two-factor authentication (2FA) or multi-factor authentication (MFA): for example, when logging onto your bank account.
Key advantages
It’s easy to see how this could bring significant security advantages. We all know the dangers inherent in passwords, from phishing to simple user error: reusing the same, easy-to-guess password, for instance. With a blockchain-based authentication system, it should be possible to significantly reduce the risk of data breaches, because the decentralized nature of the technology simply removes the centralized databases that are key targets for such attacks.
What advantages is this providing in the real world? There are numerous examples. For example, R3 Corda is a distributed ledger technology designed for financial services, enabling the secure exchange of data and value between parties. Such technology could be used in such areas as Know Your Customer (KYC) in finance, enabling banks and other operators to verify someone’s identity without putting their privacy at risk.
In healthcare, it is being used to prevent unauthorized access to medical records and to enable the secure sharing of patient data. Infosys BPM reckons that the blockchain tech market in healthcare could exceed $215 billion by the end of 2036.
Challenges ahead
Like any rapidly developing technology, blockchain poses challenges in the security space and beyond. Let’s look at a few.
Cost: Blockchain can be pricey, consuming large amounts of energy and computing power to validate transactions. The United Nations University found in 2023 that if Bitcoin was a country, it would consume more energy than Pakistan.
Unfamiliar technology: Despite the growing prevalence of Bitcoin and the like, most people – and organizations – still have little idea of how blockchain actually functions. This could slow down the adoption of the technology.
Legal and regulatory issues: Digital identities are a tricky area, with different jurisdictions and countries holding varying standards. That could make it difficult to build global traction.
Storage requirements and scalability: Blockchains require storage, a challenge that could grow as the technology is utilized more widely. It is vital to focus on the scalability of the solution, ensuring that it delivers the speed required.
Interoperability challenges: Without international standards, it’s unclear how interoperability would be achieved. It’s vital that identities can be verified across different devices, sectors and even international borders.
The future of passwords
That’s not to downplay the potential of blockchain as a security tool. With its decentralized nature and use of cryptography and private and public keys, it provides huge advantages. Even challenges around power consumption, cost and regulations could be addressed as the technology expands in use.
However, while no-one can predict the future, it seems highly unlikely that passwords will vanish anytime soon. Passwords offer key advantages that provide them with an enduring appeal: they’re simple and universal; they’re flexible as they can easily be reset; and despite the risk of hacks and breaches, they remain effective, simply because they’re either right or wrong.
Protect both the logon and the password
Yes, they can be vulnerable. Ideally, users they will opt for multi-factor authentication, combining passwords with other security measures – this could include blockchain-based methods. Protecting both the logon with effective MFA such as Specops Secure Access works best in combination with strong password security.
As long as passwords remain in use, organizations need to ensure their active directories are free of weak or compromised passwords. Specops Password Policy makes it easy to enforce a strong password policy, while also scanning your active directory for breached or compromised examples. It currently blocks more than 4 billion compromised passwords –and the list is always growing.
The reality is that individuals and organizations continue to rely on passwords for security online. This fact – combined with the challenges around adopting new technologies like blockchain – mean organizations simply cannot afford to neglect password security, at least for the foreseeable future. Interested in better protection around passwords and end user logons? Get in touch to learn more.
About The Author
Original post here
