Password based authenticators are a widely used means of authentication for digital services. Examples of password based authenticators include a password, a pin, a secret question and answer, a one time password (OTP), offline OTP, transaction password, CVV, VBV. The password based authenticators have inherent vulnerabilities leading to cyber threats and attacks.
An effective alternative to password based authenticators is Cryptographic authenticators to eliminate the vulnerabilities. The alternative is a cryptographic authenticator that is designed to be equally easy to deploy, use, and is scalable while saving money.
This document elaborates the what, why and how of 𝛑-Control Cryptographic Authenticators.
Why Cryptographic Authenticators?
There are 4 reasons
Because password based authenticators are vulnerable to cyber attacks, elaboration is in the text ahead in this article.
Because PKI based authenticators are only theoretically possible. Practically they are difficult to deploy, use, adopt, run and economically scale - and no one uses them.
Because cryptographic authenticators can be designed to be easier to deploy, integrate, use, and adopt, they eliminate the vulnerabilities of password based authenticators and complexities of PKI.
Because a well designed cryptographic identity based authenticator is also useful in doing provable consent, encryption and transaction e-signing, beyond authentication.
Cryptographic Authenticator Vs Password based Authenticator
Password Authenticator vs Cryptographic Authenticator
Vulnerabilities of Password based Authenticator
Phreaking (Theft on Phone):
User gives away the secret, password, OTP, CVV to fraudster over a phone call.
User authorizes transaction received as a payment link.
Social Engineering:
Fraudster captures the password using tools.
Fraudster guesses the password using user data.
User shares it with the fraudster knowingly.
Honeypot Attack:
User sets one password for all digital accounts, that gets compromised.
Email/ document containing all passwords of user compromised.
MITM: A fraudster sniffs the password through malware on machine or on browser or on router etc.
It has been more than a two decade since the digital beings are using passwords to lock the doors of their digital participants. The lock is old enough to be changed. Enterprises have been exposed to all the vulnerabilities mentioned above. Therefore it is time to upgrade the identity and access security game to a new level with mathematical science such as Cryptography.