Data breaches have become so common in recent years that it is now difficult to keep up with the daily stream of news about user information being stolen.
Due to the frequency, most of the public and news outlets focus on only the most damaging breaches containing the most sensitive personal identifying information, routinely ignoring the more common hacks that leak usernames and passwords for basic website accounts.
Yet with most people reusing passwords for different accounts, these hacks are equally as dangerous, forcing experts to consider what can be done to shift the paradigm.
While a number of different options have emerged, Ethereum co-founder Charles Hoskinson said in an interview that blockchain was the key to a passwordless future for the internet.
“It’s crazy the creativity people have when trying to defraud consumers. The technology that we have in society is very malleable because it was built for accessibility. It was built for rapid growth and it was built as an open infrastructure. But it wasn’t built for security,” Hoskinson said.
“What you can do with blockchain is start having authentication where you don’t have to have a username or password but it’s much more secure and you don’t have to reuse a password across every website, so if a hacker gets access to that, they won’t have that.”
SEE: Coronavirus: Critical IT policies and tools every business needs (TechRepublic Premium)
Hoskinson has become a leader in the blockchain space, co-founding Ethereum with Vitalik Buterin and others before moving on to creating a crypto company called IOHK and a blockchain project called Cardano.
The core principles of blockchain, he explained, can be applied to anything and can be useful for a variety of things, including authentication.
“Right now, we have this problem with authentication. If you go to a bar and ask for a beer, you give them your license to prove age. But the issue is that they don’t just get proof that you’re 21, they get your name, actual age, address, organ donor and more,” he said.
“We have these imprecise identity and authentication systems where to establish a fact, whether it be age or paying taxes, you have to collect a lot more information than you need just because of the medium of how it’s done. So many companies become data warehouses as a consequence of that mandate and they end up storing huge amounts of information about people. If they get hacked, that information gets leaked.”
Blockchain proponents have spent years figuring out a unified place to store credentials while also finding ways to prove facts about people by only revealing the minimum amount of information necessary.
“We can use zero knowledge cryptography and these things to say: ‘Hey, you’re over the age of 21. I won’t know how old you are but I can get proof you’re over 21. I can know you live in New York but not get your address,” he added.
“That’s much better for consumers and for the merchant. Better for the consumer because they know their data won’t be leaked and better for the merchant because they don’t have to be a data warehouse and store all that information about their customers. It’s a liability for them. They don’t make any money from it or perversely, they do make money by selling that data, but in both cases that’s suboptimal for us all.”
Hoskinson highlighted that this effort to find new avenues for authentication is part of what keeps him excited about the industry he works in.
“Access control is done through public key crypto. You have an open ledger that everyone can see and it has a property called inclusive accountability so we can all check it and verify it,” he said.
“There is something intrinsically good about changing that paradigm a bit. It allows us to have cool stuff like a password-free internet and proofs that get you to a point where you give a minimum amount of information necessary but you still are able to prove the things the merchant needs to know.”
Although blockchain has been touted for its security benefits, it is not perfect. There have been multiple instances of cryptocurrency exchanges being hacked or breached, with millions stolen.
Hoskinson said that throughout his eight years working in the cryptocurrency space, he has seen “egregious” conduct where exchanges handling billions of dollars would be outsourcing custody and software development to low-cost firms.
There was also a lack of regulation for cryptocurrency exchanges at the start, allowing poorly built infrastructures to gain popularity and then flame out, he said.
“This is an example where regulation tends to help. There were no standards and not strong regulation on the exchanges, so there was not an incentive for them to focus on inconvenient and expensive but necessary things. When you’re running a startup, it’s all about how to grow, make more money and move faster,” he said.
“Thats OK when your product is a social network, but it’s not good when your product is something that holds other peoples’ money or has a lot of control over their privacy and safety. That’s why the medical and financial industry is highly regulated.”
He also noted that the materialization of private industry standards was helping keep bad actors in check.
Hoskinson compared it to the medical industry, where doctors need to be board certified in a specific field in order to have access to things like malpractice insurance or hospital privileges. Over the next five to 10 years, Hoskinson expects the industry to clean itself up through mergers, acquisitions, and more stringent community standards.
He also expects there to be fewer hacks and even less hacks that can permanently cripple exchanges the way they did in the last decade.
“What we build is not about making a bank slightly more efficient or slightly more secure. It’s about asking what’s a fairer, universal way of doing things. Three billion people are excluded from the world financial system. They’re unbanked. The way the system operates, there is no financial incentive to bring them in. But these are human beings just like me. They have hopes and dreams,” Hoskinson said.
“Blockchain is all about the brokering of trust, information and facts amongst people who don’t trust each other but have to for a market to work.”