Slashdot Mirror
Blockchains Are Poised To End the Password Era (technologyreview.com)
schwit1 shares a report from MIT Technology Review: Blockchain technology can eliminate the need for companies and other organizations to maintain centralized repositories of identifying information, and users can gain permanent control over who can access their data (hence "self-sovereign"), says Drummond Reed, chief trust officer at Evernym, a startup that's developing a blockchain network specifically for managing digital identities. Self-sovereign identity systems rely on public-key cryptography, the same kind that blockchain networks use to validate transactions. Although it's been around for decades, the technology has thus far proved difficult to implement for consumer applications. But the popularity of cryptocurrencies has inspired fresh commercial interest in making it more user-friendly.
Public-key cryptography relies on pairs of keys, one public and one private, which are used to authenticate users and verify their encrypted transactions. Bitcoin users are represented on the blockchain by strings of characters called addresses, which are derived from their public keys. The "wallet" applications they use to hold and exchange digital coins are essentially management systems for their private keys. Just like a real wallet, they can also hold credentials that serve as proof of identification, says Reed. Using a smartphone or some other device, a person could use a wallet-like application to manage access to these credentials. But will regular consumers buy in? Technologists will need to create a form factor and user experience compelling enough to convince them to abandon their familiar usernames and passwords, says Meltem Demirors, development director at Digital Currency Group, an investment firm that funds blockchain companies. The task calls for reinforcements, she says: "The geeks are working on it right now, but we need the designers, we need the sociologists, and we need people who study ethics of technology to participate."
Public-key cryptography relies on pairs of keys, one public and one private, which are used to authenticate users and verify their encrypted transactions. Bitcoin users are represented on the blockchain by strings of characters called addresses, which are derived from their public keys. The "wallet" applications they use to hold and exchange digital coins are essentially management systems for their private keys. Just like a real wallet, they can also hold credentials that serve as proof of identification, says Reed. Using a smartphone or some other device, a person could use a wallet-like application to manage access to these credentials. But will regular consumers buy in? Technologists will need to create a form factor and user experience compelling enough to convince them to abandon their familiar usernames and passwords, says Meltem Demirors, development director at Digital Currency Group, an investment firm that funds blockchain companies. The task calls for reinforcements, she says: "The geeks are working on it right now, but we need the designers, we need the sociologists, and we need people who study ethics of technology to participate."
... with, apparently, no experience:
... a startup that's developing a blockchain network specifically for managing digital identities.
It little behooves the best of us to comment on the rest of us.
If everyone uses one private/public key set for everything, then if that is compromised then the third party gets access to absolutely everything and can impersonate the user?
For those of us who use different usernames/emails/passwords from server to server that seems like a downgrade in security.
Tell me I'm wrong and I'm missing something. I've used PGP in the past and use keys for SSH logins but I've never used blockchain related stuff.
"The geeks are working on it right now, but we need the designers, we need the sociologists, and we need people who study ethics of technology to participate."
We literally need none of those people, they're just the buddies of the people who write stupid articles like this.
users can gain permanent control over who can access their data
So yea that's definitely not going to happen.
I browse on +1 so AC's need not respond, I won't see it.
Quite to the contrary of the article, some experts (derided as "geeks" in the article) are currently exploring what the blockchain is all _not_ good for or at least not any better than traditional solutions. Unfortunately, that likely includes basically everything, with a slight chance that some variant of the failed "currency" angle ("Bitcoin") may be salvageable if there is a way to reliably curb speculation and create stability.
In fact, I am currently supervising a BA thesis in this area and I expect that a mostly negative result will save the industry-partner a ton of money. I also already told the student that a negative result can certainly get a good grade if argued and justified well (same as a positive result, really). I have a second thesis lined up with a different student and industrial partner. Will be interesting to see what the outcomes are, but I do expect a "not now" or a "not ever unless special conditions are met".
Incidentally, "ethics" in the commercial space these days means "how can we manage to not get caught and still get rich". And please keep out the sociologists and designers, they really are mostly useless with very few exceptions.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Erp? How does that help anything? If you're not providing your password each time you authenticate, then somewhere it exists in an accessible form to some automated system. Using keys? You need to encrypt them (with a password). There's no getting around it. A password is at the heart of all proper authentication schemes because it is the only method that is even possible to be secure. It is the secret, the "something you know", that exists only in your head. Nothing changes if you use it to encrypt a key or a keychain or a password database or whatever else.