Passwords Can’t be Hacked if They Don’t Exist: Nok Nok Labs

The ideal digital security setup of the future is one in which passwords can’t be hacked because there are no passwords stored in servers, argues Nok Nok Labs in a new blog post. And it’s a vision of the future that could soon be realized on a large scale.Passwords Can't be Hacked if They Don't Exist: Nok Nok Labs

Citing data from SecureAuth, Nok Nok Labs asserts that four of five IT decision makers agree that their organizations will move beyond passwords in the next five years, with almost half asserting that biometrics will replace them. While SecureAuth’s findings are based on surveys of only 200 such individuals in the US, it’s becoming increasingly clear that numerous major organizations are recognizing the vulnerability of password-based security systems, with Facebook and Google having recently taken substantial steps to implement two-factor authentication in line with FIDO Alliance standards.

For its part, FIDO co-founder Nok Nok Labs strives for the highest level of security by keeping user credentials on a given device, and foregoing passwords entirely. As the company notes, many solutions taking advantage of technologies like Touch ID use the on-device biometrics to release server-side passwords, whereas the company’s own Nok Nok Labs S3 Suite uses on-device biometric scanning to unlock a private key that matches a public one on a server. That way, not only are there no passwords to be hacked, and the public key is useless to a hacker who doesn’t have access to the private key.

It’s an approach that is likely to appeal to a wide breadth of organizations as they transition beyond archaic password-based security.