A modern human being has to remember dozens of logins and passwords to access all accounts at different platforms. The more reliable the password, the harder it is to remember it; and the more unique passwords there are, the higher the probability of forgetting some of them.
Can one break the old paradigm where the foundation of security, i.e. password, is the reason of its deterioration? It’s pretty hard to imagine that logins and passwords won’t be required to sign in. Yet, voice authentication and retina scanning seemed pretty sci-fi not so long ago. We might be closer to the era of password security than we think.
Solutions seeking to make things easier by creating a single entry point aren’t something new. Those initiatives have probably been inspired by old protocol Kerberos which was used to freely roam within a single website or software shell. Decentralized authentication systems like OpenID and Mozilla Persona attempted to expand the principles onto several sites and services, yet with no any serious success.
Notwithstanding the support from major brands, the technologies hasn’t been widely accepted, while Persona was finally buried in late 2016.
Phishing was considered a serious vulnerability of such services.
Open authorization protocol oAuth became slightly more popular as it allowed users to provide third parties with temporary access to their data, and sign in on any online service supporting the protocol using just one well-protected account. Still, oAuth couldn’t provide perfect protection of personal data, and relied too much on a single central account, which, if hacked, could compromise the rest.
Client SSL certificates for browsers sold by centralized certification entities are quite reliable in terms of password-free authorization. Still, the solution is quite expensive and time-intensive. There are other possible solutions involving blockchain technology. For instance, NXT authorization tokens are employed to authenticate user account with a unique signature generated by a private key. Unfortunately, NXT tokens can’t ensure sufficient security level as they’re transmitted as a whole, and therefore risk being intercepted.
There is a need for a service ensuring safe and reliable authorization, which brings to mind emcSSL protocol positioning as the first decentralized system for management of digital keys. Just like in any other decentralized structure, it’s the users who deal with certification, while EmerCoin blockchain is used to store hashes of said SSL certificates, thus ensuring UserID uniqueness.
Blockchain technology enhances security of systems, and scales them up to the global level due to decentralization. Private keys never leave user computers, so no massive leak due to a hack is possible. The system lacks any central server that could be compromised.
The emcSSL system stores personal data on so-called infocards, i.e. encrypted blocks of data on EmerCoin blockchain. When a user authorizes on a site, it’s he or she who decides which information could be accessed. Such system protects personal data when users are unwilling to share them, and allows them to enable such access when necessary (for instance, in case of online purchasing, one won’t have to fill in forms at every site as the protocol will open access to personal data at the user’s discretion.)
Nevertheless, emcSSL is quite difficult to set up, and requires certain professional skills from a user.