That Sucks: Passwords
Hacks and ransomware are everywhere in the news. And identity theft. Talk about a way to get your life screwed up.
I need a password for my vet’s calendar program? Really? Hack away! On the other hand, I don’t want to be “that person” who single-handedly opened up Dropbox to a hack where 60M user credentials were stolen — just by reusing a password.
I’m guilty of every idiotic “solution” in the book. Same password for all accounts. Trust my system software to trap them all…except the ones it has wrong. Stickies? Yep. Every dumb trick that “The Experts” say you shouldn’t use.
Password management is a problem in search of a good solution–and no, I’m not talking two-factor authentication. I’m talking revolutionary companies whose mission is to get IT off your back. Here’s what I found.
The no-brainer. → 1Password
Smart: They put the value prop right in the name. This is the “Mom, use this” of tools, having launched in 2005. The solution is simple: You only need to remember one “master password.” And of course to record all your passwords in the app! The company started by solving consumer problems and moved up the ladder to enterprises — 80K and counting.
Venture status: Basically, the venture capitalists came knocking on 1Password’s door and begged them to take money. Series A: $200M. Nice.
Cool, but kinda creepy. → TwoSense.AI
This solution works by recognizing your behavior: how you walk, how you hold a device, typing style, mousing, etc. And it monitors constantly. It claims to catch over 95% of unauthorized users in 35 seconds. The Dept. of Defense uses this one. No comment.
Venture status: This company is still at Seed stage, with $3M raised. It’s leveraging machine learning — ok, maybe — but features a team with legit cybersecurity and app building experience. One to watch.
Big brains. → Beyond Identity
Beyond Identity isn’t the easiest tech to describe. Here goes: BI uses the equivalent of the secure protocols for browsing the web, replacing passwords with “certificates.” The certificate is established on your device, and your key is biometric data: your fingerprint, read by your smartphone.
Important part here is that you don’t need to understand or figure any of this out. BI takes care of it.
The company was founded by the guys who launched Netscape, Silicon Graphics, and @Home Network. You’ve gotta admire folks who clean up their own mess, as they charmingly confess here.
Venture status: They’re backed by New Enterprise Associates (Tier 1) and have to date raised over $100M. Big brains, smart solution. And, ok, I back any company using frequent “sucks” in its marketing materials.
Make ’ em work for it. → HYPR
HYPR also doesn’t require passwords. Instead, they move authentication keys to users’ smartphones. Essentially, few hackers are going to bother to weasel into a network via thousands/millions of individual phones. Good for consumers (no passwords to remember) and good for business (better security).
Venture status: HYPR just cruised through its Series C, raising $35M. They count Aetna, BlackRock, Rakuten, Bank of America, Mastercard, and FirstData as customers. Nice list.
There are decent solutions out there — if you put in the work (pretty minimal vs. the risk) to use them. If you do, there are probably easier marks.
Fixing the damn faucet: Finding a decent plumber (or any service contractor).
Originally published at https://blog.thatsucks.biz/passwords on July 7, 2021.