Security startups bid to remove password authentication
Security startups Identité and Volterra have recently released new authentication tools in a bid to remove passwords from online authentication processes.
In the last two decades, hacker tech has increased dramatically, adding the threat of screen scraping, key loggers and password bots. As password security struggles between vulnerable ease-of-use and inconvenient, complex passwords, tech companies have started to remove them from authentication completely.
A year ago, Google, Microsoft, and Mozilla partnered with tech companies Yubico, Qualcomm, Duo Security, and Nok Nok Labs to release WebAuthn – allowing passwordless technologies to authenticate online services. It was intended as the new standard of secure authentication, but the implementation process was slow as it requires the technology to be built into each application’s framework in order to function.
Previously heralded, biometrics has also come under fire as a finite resource and a replicable string of data – biometrics exiles outdated tech as it requires built-in security hardware.
Software solutions and cloud services security startup Identité has answered the security issue with the mobile app authentication system NoPass. The three-way authentication process enables user and server to identify one other.
Six-month-old distributed cloud services platform Volterra now offers VoltShare as a secure data-sharing tool with end-to-end encryption.
According to Identité, ‘NoPass employs a patented-pending process known as Full Duplex Authentication’. During registration and authentication, the user and NoPass service will recognise one another as valid, removing man-in-the-middle and phishing attacks from the equation. NoPass’s three-step authentication process is claimed to be faster and easier than both passwords and two-step verification.
Nopass requires download and authentication via a mobile app now available on Apple and Android stores. Following app installation, all authentication processes will launch the NoPass app which will present an image or number for visual verification to be verified using biometrics. A Docker image is installed upon purchase of subscription of NoPass and may require HTML amendments to provide registration and authentication information.
Unlike most apps, users are also protected against NoPass, which encrypts access against private user data, such as contacts, text messages, photos (but does requests permission for the camera to scan code). NoPass does not have access to user files, and cannot recognise other device applications.
However, in relying on authenticating via the user's smartphone, NoPass makes shared security particularly difficult and does not provide an obvious solutions for agent's requiring access to client systems without shutting the authentication system down.
Pricing for NoPass is on a subscription model that starts at £1.60 p/m per user. Consumer, government and volume discounts over 5,000 users are available.
VoltShare claims to differ to standard end-to-end encryption solutions through its ease and security in sharing sensitive data, and detailed logs and analysis. Instead, VoltShare adds a second layer of security to cloud storage and collaboration services by using a single piece of data known to the sender (eg the recipient’s email address). Senders specify perimeters using policy-based controls like time limits.
Volterra also claims that VoltShare negates vulnerabilities in standard encryption technology like asymmetric cryptography and PGP by double protecting encryption keys with other cryptographic keys managed by a key management system in Volterra’s infrastructure.
VoltShare is available as a software development kit (SDK) or application programming interface (API) to enable secure data sharing with integrated apps. However, application of the application involves a download, account creation, file attachment and policy creation, suggesting may be more complex that Volterra claims.
Using data specified by the sender within the specified policy-limits, recipients can decrypt the secure information sent.
VoltShare offers a basic freemium package, but includes enterprise-level security, compliance audits and governance within the paid package.