SecurityWeek editor wiredmikey shares news that Jim Clark and Tom Jermoluk (past founders of Netscape, Silicon Graphics and @Home Network) “have launched a phone-resident personal certificate-based authentication and authorization solution that eliminates all passwords.”

SecurityWeek reports:
The technology used is not new, being based on X.509 certificates and SSL (invented by Netscape some 25 years ago and still the bedrock of secure internet communications). It is the opportunity provided by the modern smartphone with biometric user access, enough memory and power, and a secure enclave to store the private keys of a self-certificate that never leaves the device that is new. The biometric access ties the phone to its user, and the Beyond Identity certificate authenticates the device/user to the service provider, whether that’s a bank or a corporate network…

“When this technology was created at Netscape during the beginning of the World Wide Web, it was conceived as a mechanism for websites to securely communicate, but the tools didn’t yet exist to extend the chain all the way to the end user,” commented Jermoluk. “Beyond Identity includes the user in the same chain of certificates bound together with the secure encrypted transport (TLS) used by millions of websites in secure communications today….”

With no passwords, the primary cause of data breaches (either to steal passwords or by using stolen passwords) is gone. It removes all friction from the access process, takes the password reset load off the help desk, and can form the basis of a zero-trust model where identity is the perimeter.
Though they’re first focusing on the corporate market, their solution should be available to consumers by the end of 2020, the article reports, also speculating that the possibility of pre-installing the solution on devices “is not out of the question.”

Source: Slashdot