When fighting a digital pandemic, eliminating usernames and passwords is our vaccine
by Nick Moran, on Wed 10 February 2021
If 2020 has taught us anything, battling a virus is not easy. It takes a range of methods to protect those around us, from staying inside to wearing masks. Even with this, COVID-19 feels like it’s everywhere.
In 2021, vaccines that have revolutionized disease control with cutting-edge mRNA approaches that have tackled the virus in an entirely new way. Scientists have finally found a way to beat COVID-19, but this year will be about the vaccine’s widespread distribution over former preventative measures.
With the revolutionary advancements made in virology, why don’t we take the same approach to cybersecurity?
In 2021, hacking is our epidemic. The FBI’s Internet Crime Complaint Center saw a 300% jump from 1,000 hacking reports a day to 3,000-4,000 since the beginning of the pandemic. There has even been a spike in virus-related email scams, according to Google.
COVID-19 as a virus is the root cause of diseases like pneumonia and larger organ failure, which can lead to death. To save lives, scientists are looking to kill the root cause of these pandemic deaths: the virus. If they make sure those with the vaccine never even have a chance to get COVID-19, they also cut down the chance they suffer from the various diseases associated with it.
The same is true for cybersecurity.
The man-made digital virus was created in the 1960s when computer scientists at MIT were looking for a way for multiple users to share the resources of one computer. Their solution: create individualized usernames and passwords. This proved to be a great solution with minimal issues early on, establishing usernames and passwords as mainstays in most technology following, including into the 21st century.
However, that security didn’t last. Similar to COVID-19, usernames and passwords eventually proved to be the root cause of compromised computers. They would eventually give rise to hacked systems and massive costs for businesses to restore their digital infrastructures. It spurred more hacking avenues, like phishing and ransomware.
To combat this, technologists tried to develop a vaccine to take out the root cause — usernames and passwords — and, in turn, the diseases and issues they caused. Known as a public key infrastructure (PKI) and utilizing smart cards, this technology, which was invented in the late 1970s, was used by government agencies like the Department of Defense to remove username and password use.
The same idea has since been utilized by credit card companies with in-card chips — practically replacing a card number and pin (which effectively represent a username and password) with a secure chip card.
PKI and smart cards worked, with the Department of Defense’s digital health standing strong in the face of international hackers. In 2004, tech giants like Bill Gates declared the gradual death of usernames and passwords following the success of a more secure system. The only thing holding back the PKI-based login system from widespread use was the high barrier of entry in cost and complexity. The average business or consumer didn’t have millions of dollars to implement it or sophisticated IT departments to manage it.
Instead of the widespread use of this digital vaccine, consumers opted for more mask-like solutions. They took to traditional two-factor authentication (2FA) methods, which were cheap and easier to implement, but at the cost of lessened security compared to PKI. While it made hacking more difficult, it didn’t eliminate its root cause in usernames and passwords, making users more secure than before, but not entirely eliminating the risk of traditional logins.
The recent SolarWinds hack — an allegedly Russian SVR-led attack on multiple commercial and government agencies across the globe — proved that despite a plethora of digital protections, fundamentally, usernames and passwords are still very breachable. World-renowned technologist Bruce Schneier noted that hackers were able to dig into SolarWinds’ update server through a password breach (and the password happened to be as simple to crack as “solarwinds123”). Through that, they were able to push corrupted updates to infiltrate multiple companies and even certain branches of the U.S. government.
The various failsafes put in place in the SolarWinds attack were beaten by leveraging usernames and passwords, just as many other attacks have. It also once again raises a need for a more secure alternative to 2FA and a more accessible form of cybersecurity than PKI and smart cards. Above all else, it questions why we’ve continued to utilize usernames and passwords, which have continually been used as tools to benefit hackers long beyond their point of obsolescence.
Similar to the multiplicity of COVID-19 vaccines designed by different pharmaceutical companies, there are quite a few technologies besides PKI that allow for the complete elimination of usernames and passwords.
10 years ago, WWPass created its own solutions to eradicate the root cause of hacker attacks that were using usernames and passwords, as well as the diseases that came with them. They build on the fundamentally successful aspects of PKI that remove the need for these dated logins, but leverages modern technology to make security accessible, affordable and easy to use. The hardware infrastructure required is at our fingertips already with popular tech — it’s a privacy and security-first approach that’s a cutting-edge, new-age vaccine for our digital world.
The result is giving businesses and consumers a chance to say no to living life behind a faulty digital mask and choosing the safety of a new-age WWPass vaccine. It’s a life without the flaws and uncertainties of unsecure usernames and passwords. It’s taking a new approach to protection that significantly reduces risks of future hacker attacks.