You can now sign into websites using public keys derived from your crypto wallet, an order of magnitude more secure than using a password.
What better way to celebrate World Password Day (May 7) than with a new solution from the cryptoworld to get around insecure passwords and phishing attacks?
The lnurl-auth protocol allows users to sign into various accounts by receiving a QR code with a special message. This allows them to use a public key associated with their wallets to derive a unique key that is only compatible with the domain they're trying to access. This key would authenticate that they are the owner of the account.
Podcaster Marty Bent said the system meant websites no longer had to look up your information on a centralized database that is susceptible to being hacked:
“No more remembering unique passwords for separate sites. No more creating unique email addresses for different services. No more having to worry about the site you are interacting with having your data stolen from them. Pure, self-sovereign control of your accounts across the Internet. No usernames, passwords, or identifying information other than the public key that is derived upon sign up.”
Tips for the present, not the future
That's something to look forward to, but until it becomes widespread you'll need to find other ways to keep your passwords secure.
According to a survey from Proofpoint's 2020 State of the Phish Report, 44% of respondents in the United States used a password manager (a tool which stores passwords and can fill them in forms when needed) for their online accounts, which is well above the 23% global average.
Crispin Kerr at Proofpoint said password managers are the most secure option:
“...we've found that many [users] typically reuse passwords or don't change them on a regular basis because password management is inconvenient. Additionally, many find it difficult to remember increasingly complex passwords for the multitude of online services they are using today, which includes things like company's intranet login, bank accounts, streaming services accounts, government services accounts, etc. For these reasons, we highly recommend a password manager.”
While password managers are the most popular method of password protection in the U.S., respondents from other countries like Australia, France, Germany, and the U.K. were more likely to rely on manually entering different passwords every time they logged into an account.
An average of 16% of respondents worldwide admitted to using the same one or two passwords for all of their accounts, something which is not “advisable from a security perspective.”
Improve password strength
Proofpoint also offered tips for people to improve their password strength, including avoiding any personal information like birth dates, names of pets, and names of friends or family. Passwords should be “at least 12 characters, with two or three different types of characters in unpredictable places” and users should “avoid placing capital letters at the beginning or digits or symbols at the end.”
If the user is someone with a bad memory for passwords, passphrases can be a lifesaver. Create a sentence and use the first letter or two of each word as your password, mixing in capital letters and numbers as needed. For example:
we can't eat 15 New York pizzas, but those 5 people can
Password: wce15NYpbt5pc
Protect your wifi with a password too
As more people transition to working from home through their own wifi networks or ones recently set up with which employees may be unfamiliar, the likelihood of phishing attacks through spoofed login portals increases.
The Proofpoint report found that 95% of global workers already had a home wifi network, but only 49% of people protected it with a password. In addition, only 31% changed the default password on their router.
Phishing attacks, whether they fool victims into logging into a fake online portal or clicking on a URL in an email, can cause remote workers to “deliver even the most complex and unique passwords directly to the attacker.”