Interview: How Blockchain Can Make Passwords a Thing of the Past

[Pegasus]

REMME CEO Alex Momot spoke with CCN recently about the project’s goal to eliminate the need for passwords and related security problems using something he calls a “digital passport” that operates on a blockchain.

Blockchain Tech Can Make Passwords Obsolete
Instead of the password/username architecture, each user device is issued an SSL certificate. The certificate data is stored on the REMME blockchain and authenticated with that technology so that fake certificates cannot be used. Hackers typically target authentication servers and password databases to carry out mass attacks, and the lack of a centralized server or password database should theoretically render common attacks of that nature almost impossible.

Users are issued keys on signing out that are used just once when signing back in and then destroyed, replaced with a different key and optionally used with 2FA for added security. CEO Momot says that the project was inspired by a personal experience — the loss of an ethereum wallet key.

“The idea first came to me when I lost my password to [my] ethereum genesis wallet way back in 2015. In the end, I was able to guess the password, but it became a final countdown for REMME. From this event, the idea of REMME WebAuth 1-click user authentication was born.”

Momot founded REMME to find a way around the password problem. After considering solutions like storing geolocation and IP on the blockchain, the project team decided that having too many criteria was a bad idea, and opted for designing the digital passport instead.

A native blockchain was created following some early experimentation with the Emercoin and Bitcoin blockchains, and the experiment has now grown into a fully-fledged project aimed at changing the use of public key infrastructure (PKI).

“Now we are building an infrastructure for secure distributed authentication and validation of users, businesses and devices across the web, with digital certificates,” Momot said. “We aim to make the process secure and at the same time simple. When dealing with cybersecurity, every detail is important.”

The Goals of the Project

Further describing the goals of the project, Momot explained:

“The first goal is that we want to eliminate the weakest point, which are passwords from the authentication process and provide better authentication for users and for devices. But the key point is how we want to do that – with the help of blockchain.”

Blockchain can be used to protect data from cyberattacks and improve cybersecurity across industries. Momot points out that those who believe that blockchain provides uncensorable truth are mistaken, stating that what blockchain grants is uncensorable proof. The ability for network participants to monitor activity in real-time makes it tamper proof, paving the way for new cybersecurity solutions that were previously impossible.

“Our second main goal is to break new ground and establish a path to collective understanding of distributed ledger technology.”

The REMME testnet was launched in September 2018, and Momot says the release of the sidechain testnet means REMME technology is ready for testing in a full-scale business environment.

“About a week ago we launched our masternode program, which is open to the cryptocurrency community. Each node will provide consistency and fault tolerance and operators will be rewarded with fees from signing transactions for certificate issuance and revocation included in a block. Completion of the masternode application period is on 17th October.”

Momot says the next step is to release full details of the project’s new consensus algorithm, which has not yet been made public.

“We’ve also put a lot of work into refining atomic swaps. In the case of REMME, we’re using atomic swaps to enable REMME’s native REM token, which operates on the ethereum network, to be exchanged for corresponding tokens on REMChain. By using atomic swap technology, we can eliminate the need for a centralized exchange and the inherent security risks that such systems introduce.”

In the world of cryptocurrency where transactions are irreversible, password protection and security are paramount — the replacement of the traditional architecture with a blockchain-based solution that makes life difficult for hackers could be a welcome addition, if successfully implemented.

Source