Usernames and passwords could be surpassed by a new open-source technology which claims to be 90% cheaper, it makers have suggested.
The new authentication system relies on elliptic curve cryptography rather than the now standard username and password system, working more like the security of an ATM.
Web security service provider CertiVox claims its M-Pin System will reduce authentication costs by 93% by turning any HTML5 browser into a gatekeeper, which authenticates to an open-source server, which stores one allegedly leak-proof cryptographic key.
Enterprises recognise customers through this cryptographic key system, where customers use a token saved in their browser – which acts like the magnetic strip on a Visa card – along with a pin number.
Just like in an ATM machine, the pin and token are combined to create an identity, which then triggers a key-agreement protocol, and the customer’s identity is vetted with strong cryptography.
Javvad Malik, senior analyst at 451 Group, said: "With the removal of usernames and passwords and replacing these with an ATM machine-style pin for HTML browsers, CertiVox brings strong authentication whilst simplifying the user interface.
"With its open source M-Pin Strong Authentication Server, we are encouraged to see CertiVox placing its trust in the developer community, seeking to address a pertinent security challenge."
Brian Spector, CEO of CertiVox, added: "M-Pin is a game changer in the authentication industry, a true alternative to username/password authentication that scales for the web.
"M-Pin is an open source multi-factor authentication system that can be deployed in minutes at a fraction of the cost of existing solutions while offering a degree of security greater than many."
This article is from the CBROnline archive: some formatting and images may not be present.