Düsseldorf Some occasions raise doubts as to whether man really is the crown of creation or whether one day he will not fall victim to his lazy thoughts. Artificial intelligence is making impressive progress. You can’t be so sure about human intelligence.
An example emerged in the UK in spring 2019. The state’s National Cyber Security Center published a study for which the security researchers had compiled the passwords of cracked online accounts. Which code word was most often hijacked? “123456”. With a long distance it followed: “123456789”.
“I am perfectly aware that cybersecurity is a complicated topic for many people,” said NCSC Director Tom Levy, “but it is really quite simple to make life difficult for hackers.” First and foremost, that means dealing professionally with the access codes to your own data, also called passwords. A few years ago, however, a survey by the US polling institute Pew Research Center showed that only 39 percent of users change their password at any time. With so much indifference, even the simplest tips can’t do anything.
Is there no other, better solution than the annoying passwords? Yes, at least a number of startups claim. All over the world cybersecurity companies are currently working on disrupting the password, financially supported by prominent venture capital companies and intellectually equipped with a lot of code competence.
Some want to use certain properties of the devices or users – such as certificates or biometric data such as fingerprints or iris prints – for identification; the others rely on AI-enabled technologies such as face or speech recognition; still others are tinkering with basic alternatives to the concept of the password. However, it is already clear today: The code word of tomorrow should look different.
The idea of a password to ensure identity is several millennia old. Already in the Peloponnesian War, the troops used pre-determined keywords to distinguish friend and foe from one another. In ancient Rome, when the guard changed, soldiers had to throw up wooden plaques with words engraved on them – so the tribune could make sure that no one deserted.
The history of digital passwords began in the 1960s at the Massachusetts Institute of Technology. Researchers there led by Fernando Corbató constructed a computer called the Compatible Time-Sharing System (CTSS). The terminals were supposed to be used by several people, but nobody wanted to share their own private data with everyone else – and so the idea of assigning passwords was born. Nice punchline from the history: Just a few years after the introduction, a software malfunction ensured that all users saw the entire list of all passwords after logging in. So the system has never been really secure.
Victim of their success
So it is hardly surprising that in 2019 alone, more than 7,000 “data breaches” became known. Just last July, hackers cracked the Twitter accounts of around 130 celebrities and companies, including Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Kanye West, Apple and over. What such cases have in common: In around 80 percent of all data thefts, access data is stolen and reused.
In a way, passwords are victims of their own success. Because they are so widespread, people have to remember more and more passwords – but because secure versions are cryptic and therefore difficult to remember, most of them like to use the same and an obvious code word for different accounts.
But if people are so resistant to advice, but at the same time the security of our online accounts is becoming more and more important, then one must perhaps state: The password is no longer up-to-date. It dates from a time when not all computers were made
were networked with each other and constantly exchanged ideas; When there was hardly any data in the cloud and everyone only had one e-mail account, in short: when there were few incentives for hackers to break into individual accounts.
For years people have been claiming that the password is on the verge of extinction. For a long time, however, there was a lack of real alternatives, partly because the technology was not yet fully developed. But that is slowly changing. “In the future, the password will become more and more uninteresting, unprofitable and ineffective,” says Brett McDowell, for example. He is the founding director of the Fido Alliance, an acronym for Fast Identity Online. The California-based organization has been advocating alternatives to traditional passwords for several years. And one of the most highly traded companies was founded by a German who moved to California a few years ago.
Mathias Klenk, born in Swabia, moved to Stanford after studying at the Technical University of Munich and was infected by the start-up fever near the Silicon Valley. First he invented an AI-controlled medical advisor, then an app that anyone can use to rent out a car. In 2018 he programmed a digital wallet for cryptocurrencies – and that’s where the idea for what is now the start-up Passbase came to him.
And this is how its business model works: Klenk has programmed software that switches to a certain extent between the customer and the website, automates the verification process and regulates the exchange of personal data. The vision: If all users use Passbase, in the long term one could completely dispense with passwords and clearly identify oneself on websites and in apps using biometric data. He has already won over a number of well-known investor groups, including business angels from Kleiner Perkins Caufield & Byers and the venture capital company Lakestar. The software is now used by more than 100 companies.
The timing for Klenk’s idea could be worse. The World Economic Forum (WEF) in Davos also believes in a future without passwords: “Because of the availability of biometric data and new technologies, consumers expect a better digital experience and want to be safe online at the same time,” says Adrien Ogee, who works at the WEF Addresses cybersecurity and digital trust. “Better authentication is not just an option,” says Ogee, “it’s a necessity.”
On the one hand, there are the financial advantages of a password-free world. According to surveys, every employee spends an average of eleven hours a year entering or resetting their own password. In addition to this loss of productivity, password management is a significant cost factor. Up to 50 percent of all corporate IT hotline calls involve password resets, and the estimated cost of each reset is between $ 30 and $ 70. On the other hand, customers should have more pleasure if they don’t have to carry around a notepad full of code words with them or keep them in mind, but instead can accredit, register and verify themselves easily and smoothly anywhere, without the much-cited “friction”.
The shared secret
The New York start-up Beyond Identity, behind which Netspace co-founder Jim Clark and Taher Elgamal, the inventor of the Secure Sockets Layer (SSL) data transfer protocol, are promising a user experience without such delays. The company’s founders approach the issue in a more fundamental way. The problem with all passwords is the “shared secret”. Regardless of whether it is a cryptic sequence of numbers and letters or fingerprints: All password systems are based on the fact that two parties – user on one side and the provider’s database on the other – know the proverbial key for the gate. And because this secret always has to be stored somewhere, it is susceptible to abuse and theft there.
Beyond Identity therefore relies on digital certificates. This works, roughly simplified, as follows: Companies buy licenses for an app that employees download onto their devices, regardless of whether they are smartphones, tablets or laptops. When they log into an online service, the Beyond Identity app creates a digital key in the form of a code made up of numbers and letters that verifies their identity. A few months ago, the start-up received $ 30 million as part of a financing round. The founding team wants to use the money to attract private customers who are tired of the annoying password process.
You would have met with understanding from the inventor of the password. Passwords are “a kind of nightmare,” said Fernando Corbató the “Wall Street Journal” in one of his last interviews. He doesn’t think anyone can remember all of their passwords, and that leaves only two options: “Either you keep some sort of cheat sheet, or you use a password manager. Both are a nuisance. “
More: This text comes from the new ada magazine. If you want to understand tomorrow today, please stop by: join-ada.com.