Sign Into Websites Using Your Crypto Wallet Instead of a Password

Published at: May 7, 2020

What better way to celebrate World Password Day (May 7) than with a new solution from the cryptoworld to get around insecure passwords and phishing attacks? 

The lnurl-auth protocol allows users to sign into various accounts by receiving a QR code with a special message. This allows them to use a public key associated with their wallets to derive a unique key that is only compatible with the domain they’re trying to access. This key would authenticate that they are the owner of the account.

Podcaster Marty Bent said the system meant websites no longer had to look up your information on a centralized database that is susceptible to being hacked:

“No more remembering unique passwords for separate sites. No more creating unique email addresses for different services. No more having to worry about the site you are interacting with having your data stolen from them. Pure, self-sovereign control of your accounts across the Internet. No usernames, passwords, or identifying information other than the public key that is derived upon sign up.”

Tips for the present, not the future

That’s something to look forward to but until it becomes widespread you’ll need to find other ways to keep your passwords secure. 

According to a survey from Proofpoint's 2020 State of the Phish Report 44% of respondents in the United States used a password manager — a protocol which stores passwords and can fill them in forms when needed — for their online accounts, which is well above the 23% global average.

Crispin Kerr at Proofpoint said password managers are the most secure option:

“...we’ve found that many [users] typically reuse passwords or don’t change them on a regular basis because password management is inconvenient. Additionally, many find it difficult to remember increasingly complex passwords for the multitude of online services they are using today, which includes things like company’s intranet login, bank accounts, streaming services accounts, government services accounts, etc. For these reasons, we highly recommend a password manager.”

While password managers are the most popular method of password protection in the U.S.  respondents from other countries like Australia, France, Germany, and the U.K. were more likely to rely on manually entering different passwords every time they logged into an account. 

An average of 16% of respondents worldwide admitted to using the same one or two passwords for all of their accounts, something which is not “advisable from a security perspective.”

Improve password strength

Proofpoint also offered tips for people to improve their password strength, including avoiding any personal information like birth dates, names of pets, and names of friends or family. Passwords should be “at least 12 characters, with two or three different types of characters in unpredictable places” and users should “avoid placing capital letters at the beginning or digits or symbols at the end.”

If the user is someone with a bad memory for passwords, passphrases can be a lifesaver. Create a sentence and use the first letter or two of each word as your password, mixing in capital letters and numbers as needed. For example:

we can’t eat 15 New York pizzas, but those 5 people can

Password: wce15NYpbt5pc

Protect your wifi with a password too 

As more people transition to working from home through their own wifi networks or ones recently set up with which employees may be unfamiliar, the likelihood of phishing attacks through spoofed login portals increases.

The Proofpoint report found that 95% of global workers already had a home wifi network, but only 49% of people protected it with a password. In addition, only 31% changed the default password on their router.

Phishing attacks, whether they fool victims into logging into a fake online portal or clicking on a URL in an email, can cause remote workers to “deliver even the most complex and unique passwords directly to the attacker.”

Tags
Business
Hackers
Cybersecurity
Security
Related Posts
Poly Network offers to on board 'Mr. White Hat' as chief security advisor
Decentralized finance protocol Poly Network has offered the person behind a $610 million hack an advisery position and $500,000 — whether they like it or not. In a Tuesday update, the Poly Network team said, in a seeming attempt to gain access to the hacker’s expertise, that it would be inviting them to the position of chief security adviser. In addition, the project will be sending a $500,000 bounty for the attacker, whom Poly dubbed "Mr. White Hat," despite the fact they have previously refused any payment. “Poly Network has no intention of holding Mr. White Hat legally responsible, as …
Business / Aug. 17, 2021
Hotbit crypto exchange shuts down for maintenance after attempted hack
Cryptocurrency exchange platform Hotbit has shut down all of its services after an attempted cyberattack on Thursday. “Hotbit just suffered a serious cyber-attack starting around 08:00 PM UTC, April 29, 2021, which led to the paralyzation of a number of some basic services,” a notice on the platform’s website reads. The hackers were reportedly unsuccessful in gaining access to Hotbit’s wallets but did manage to compromise the platform’s user database. Thus, the Hotbit team has advised customers to disregard any communication from entities claiming to be representatives of the exchange. With all normal operations currently paused during the ongoing maintenance, …
Business / April 30, 2021
Crypto app targeting SharkBot malware resurfaces on Google app store
A newly upgraded version of a banking and crypto app targeting malware has recently resurfaced on the Google Play store, now with the capability to steal cookies from account logins and bypass fingerprint or authentication requirements. A warning about the new version of the malware was shared by malware analyst Alberto Segura and treat intelligence analyst Mike Stokkel on Twitter accounts on Sept. 2, sharing their co-authored article on Fox IT’s blog. We discovered a new version of #SharkbotDropper in Google Play used to download and install #Sharkbot! The found droppers were used in a campaign targeting UK and IT! …
Blockchain / Sept. 5, 2022
Coinbase discloses recent cyberattack targeting employees
Crypto exchange Coinbase experienced a cybersecurity attack targeting its employees on Feb. 5. The attack came through SMS scams and involved impersonations of IT staff, according to a recent report from the company's engineering team. No customers' funds or information were impacted, the firm said. As per the report, on a late Sunday several Coinbase employees received SMS messages requiring them to urgently log in via the link provided to access an important message. Acting in a good faith, one employee followed the exploiter' instructions: "While the majority ignore this unprompted message - one employee, believing that it’s an important …
Technology / Feb. 22, 2023
Top 7 cybersecurity jobs in high demand
In today’s digital age, cybersecurity has become a critical aspect of almost every business. Cyber threats are increasing daily, and businesses must take proactive measures to protect their networks and data. As a result, the demand for cybersecurity professionals has skyrocketed. Little Friday humour #meme #cybersecurity @hackurityio pic.twitter.com/MArEpCh03k — Harold De Vries (@devries_harold) February 17, 2023 In this article, we will discuss the top seven cybersecurity jobs that are in high demand. Cybersecurity analyst A cybersecurity analyst is responsible for identifying and mitigating cyber threats to an organization’s network and data. They examine system logs and network traffic to find …
Technology / Feb. 26, 2023