Validate your problems, startup ideas to create products which people want
http://needgap.com
Find your customers by the problem you are solving for them.
Thu, 20 Jul 2023 00:25:00 +0000

Password less authentication #authentication #cybersecurity

Even when thousands of online accounts get hacked each week due to weak passwords, people continue to use them. Even though free random (pseudo) password generator apps have been available for years now, they haven't gained large adoption.

Passwords by design rely on a weakness in the human psyche - <a href="https://needgap.com/problems/41-human-memory-lack-of-thereof-psychology-neuroscience">memory</a>; we cannot generate or remember random passwords which are secure.

It's time to do away with passwords completely and come up with a seamless, secure alternative which can work for a layman or security professional alike.

3 points posted by PasswordHater
/problems/49-password-less-authentication-authentication-cybersecurity 49
Tue, 12 Nov 2019 12:31:00 +0000

Inexpensive, Accessible hardware security tokens #authentication #cybersecurity

There is a rush to replace <a href="https://www.timesnownews.com/business-economy/industry/article/soon-you-may-not-require-otp-to-authenticate-financial-transactions-on-smartphones/699170">SMS-based OTPs</a> in several markets with more secure and reliable alternatives for multi-factor authentication due to the growing prevalence of <a href="https://krebsonsecurity.com/tag/sim-swapping/">SIM swapping attacks</a> and reliability issues concerning SMS.

When compared to other authentication options, <a href="https://en.wikipedia.org/wiki/FIDO_Alliance">FIDO</a>-based hardware security keys/tokens have proven to be a reliable and private mechanism for secure multi-factor authentication. But hardware security tokens' <a href="https://www.yubico.com/in/store/#yubikey-5-series">prohibitive costs</a> and accessibility friction have prevented widespread adoption.

Although app-based <a href="https://en.wikipedia.org/wiki/Time-based_One-Time_Password">TOTP</a> is still a better alternative than SMS for two-factor authentication, it is still susceptible to phishing attacks, faces reliability concerns due to latency, and is not as accessible as SMS. Although <a href="https://en.wikipedia.org/wiki/HMAC-based_One-Time_Password">HOTP</a> fixes the latency issues with TOTP, it still falls behind the accessibility of SMS.

1 point posted by Abishek Muthian
/problems/181-inexpensive-accessible-hardware-security-tokens-authentication-cybersecurity 181
Sun, 27 Dec 2020 06:54:00 +0000