Why Samsung NEXT and HYPR Believe the Future Will Be Passwordless
Cyber experts and engineers have long proclaimed the future of protecting sensitive consumer data will be passwordless, but the concept has yet to become a mainstream practice for the majority of enterprises. That’s why Samsung NEXT, the innovation arm of Samsung Electronics, Inc., invested in cybersecurity startup HYPR, a company that is helping businesses to better protect user data by eliminating passwords and the centralized servers currently used to store those credentials.
“Today, all our data is stored in centralized repositories alongside profiles of hundreds of millions of other people. That’s a serious honeypot for people who want that data,” said Gus Warren, Managing Director of Samsung NEXT, speaking in the cybersecurity episode of the “End of the Beginning” video series that explores technology of the future across four critical fields – artificial intelligence, digital health, smart cities and cybersecurity.
With centralized data storage of passwords and personally identifiable information (PII) increasingly a target for hackers, the industry is now turning to decentralized, passwordless security systems to remove these centralized targets and make it harder for hackers to pull off a data breach.
Decentralizing data with passwordless security
In the video exploring HYPR’s advanced cybersecurity solutions, HYPR CEO and co-founder George Avetisov demonstrated how passwordless security on smartphones, laptops, and any other devices can help prevent the mass data breaches and credential reuse that result when hackers are able to gain access to centralized password storage.
“When you look at all the big breaches of the last five or ten years, you’ll notice that they have one thing in common,” explained Avetisov. “It’s not how the hackers got in, it’s what they’re going after: the centralized password store. It’s a single point of failure, and when it gets breached millions of people are impacted.”
HYPR’s answer to the problem is passwordless biometric encryption that ensures secure authentication across desktop, mobile, and Internet of Things systems. “We actually go into a company and tell them, ‘Hey that crown jewel you have inside your corporation, we’re just going to remove it,’ so that hackers don’t have a single target to go after,” said Bojan Simic, Chief Technology Officer at HYPR. “And the technology we’ve built enables companies to do that in weeks, not months or years.”
A core part of HYPR’s technology — and making a passwordless future mainstream — is that data storage and processing will take place on individual devices instead of central servers. This distributed computing model, sometimes referred to as data at the edge, requires hackers to break into each device separately to get access to any sensitive data, a much more time-consuming and difficult challenge.
“This is a really big paradigm shift that’s happening now in the security industry,” Avetisov said. “You have to attack each user individually, and hackers hate doing that. They like one big, juicy target.”
As decentralized systems like the one HYPR enables become more commonplace, the company predicts there will also be a significant impact on user experience. “I think user experience could improve dramatically,” Warren explained.
The impact on user experience
According to Warren, consumers will need to adjust some old habits as passwordless systems become more prevalent to take full advantage of the enhanced security they provide. “It’s a new kind of consumer experience, so you’ve got to get people over the hump. It’s proven to be a big challenge to get consumers to change their habits even with something as common today as enabling two-factor authentication,” said Warren.
Warren predicts that passwordless systems, like HYPR’s, will first become more widespread in the enterprise sphere before spreading out to consumer applications, but when they do, he believes consumers will easily see the “wow factor” in the distributed computing model.
Moreover, HYPR’s Avetisov adds that the smartphone was the missing ingredient needed for implementing biometric, passwordless security in a user-friendly way. “You need to be able to authenticate with something other than a password, whether it’s a fingerprint, facial ID, or voice recognition. You simply can’t have passwordless security without the smartphone,” Avetisov explained.
For example, consumers could use HYPR’s technology to log in to a banking app on their smartphone using biometrics, at which point the bank would push a decentralized authentication token to the mobile device to give the user instant access.
An uphill battle for hackers
“Passwordless biometric technology like HYPR’s is definitely going to make hackers’ jobs much harder because everything will be decentralized,” Warren predicts. “How they’ll respond, I’m not quite sure. The world of cybersecurity is a cat and mouse game, and I’m sure they’ll come up with something clever, but until they do, passwordless technologies like HYPR’s are proving to be an uphill battle for them and a more cost-effective way for companies to protect consumer data.”
Warren also says a breach of a central repository of data can cost a company up to $15 per record, so executives now realize there are financial incentives for implementing passwordless tech sooner rather than later. “We’ve seen executives at Fortune 500 companies asking themselves ‘Why are we holding all this data? Isn’t there a way to put it on the consumer’s device and just access it when we need to?’”