The security world is searching for a replacement for passwords. Passwords are becoming irrelevant because they can be discovered and broken as computers gain processing power. In addition, stolen user identities are increasingly cheap and easy to come by. Any solution will require a shift in how personal information is managed and stored — and blockchain technology could just do the job.

Passwords and user identities are too often collected and stored in databases. Each company is responsible for maintaining that information securely, meaning that each of those databases can be breached. The thought of reducing the number of databases for threat actors to target seems counterproductive, but if that smaller number of databases is demonstrably more secure, there can be a positive shift. That’s exactly what proponents of blockchain-based security propose.

Augmenting FIM With Blockchain

The idea of maintaining a centralized and reliable identity structure holds a lot of promise because it allows users to create and manage a single, valid identity across a wide range of websites and applications. Federated identity management (FIM) systems deliver that kind of cross-platform portability and make it easy for users to appropriately gain access to restricted content.

However, FIM systems could face the same vulnerabilities as individual user management systems. A blockchain security system aims to address self-management in a closed environment so that each individual has control over how much and what personal information he or she shares with what entities. These structures have been shown to be highly secure.

The concept of centralizing personal information and maintaining control over how and where it is accessed seems worthy of pursuing. It would mean that, when logging into a secure site, the site would request credentials from the centralized storage of your information rather than from its own storage. It would also mean that only the information necessary for the particular function requested would be provided and would not be stored locally, bypassing security concerns.

The concept could be implemented similarly to how identity is anonymized in web tracking. The user would be assigned an identification tag that is meaningless without the user-specific information stored in the secured personal record and data pertinent to his or her relationship with any particular site.

Centralizing Identity Data

Some experts are turning to blockchain technology as an answer to protecting personal identities because if offers highly secure storage of data in a distributed structure. Early attempts at FIM, such as OAuth, provide the framework to centralize user information and validate access.

Applying a blockchain data structure to an open source design for user identities could deliver a secure alternative to traditional access technologies. The overall goal is to provide a system where the user has control of his or her data, and where that data is validated and secure. Blockchain’s distributed architecture promises to enable full interoperability across multiple businesses and ecosystems while still allowing individuals to control access to their personal information at a granular level.

Exploring the Potential of Blockchain Technology

Expert opinion is still mixed on whether blockchain technology will provide real security for personal information and the data stored behind walled access. There’s strong evidence that blockchain data structures are secure and scalable, and there has been plenty of activity by both new and well-established technology companies eager to capitalize on its merits. But blockchain is not a security technology in itself, so the goal must be to employ blockchain as the underlying storage technology supporting a viable FIM.

Security leaders should become more aware of blockchain technology and understand how it can apply to both security and other business functions. In addition to protecting stored data and tracking it for authenticity, it offers a highly distributed structure that provides protection against data loss, since the data is replicated on multiple computers.

At the same time, it’s important to remember that blockchain technology is not a magic bullet for security. It is, however, an interesting, emerging trend that could change the way organizations around the world secure and authenticate user identities.

More from Identity & Access

CISA, NSA Issue New IAM Best Practice Guidelines

4 min read - The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently released a new 31-page document outlining best practices for identity and access management (IAM) administrators. As the industry increasingly moves towards cloud and hybrid computing environments, managing the complexities of digital identities can be challenging. Nonetheless, the importance of IAM cannot be overstated in today's world, where data security is more critical than ever. Meanwhile, IAM itself can be a source of vulnerability if not implemented…

4 min read

The Importance of Accessible and Inclusive Cybersecurity

4 min read - As the digital world continues to dominate our personal and work lives, it’s no surprise that cybersecurity has become critical for individuals and organizations. But society is racing toward “digital by default”, which can be a hardship for individuals unable to access digital services. People depend on these digital services for essential online services, including financial, housing, welfare, healthcare and educational services. Inclusive security ensures that such services are as widely accessible as possible and provides digital protections to users…

4 min read

What’s Going On With LastPass, and is it Safe to Use?

4 min read - When it comes to password managers, LastPass has been one of the most prominent players in the market. Since 2008, the company has focused on providing secure and convenient solutions to consumers and businesses. Or so it seemed. LastPass has been in the news recently for all the wrong reasons, with multiple reports of data breaches resulting from failed security measures. To make matters worse, many have viewed LastPass's response to these incidents as less than adequate. The company seemed…

4 min read

Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space

8 min read - View Part 1, Introduction to New Space, and Part 2, Cybersecurity Threats in New Space, in this series. As we see in the previous article of this series discussing the cybersecurity threats in the New Space, space technology is advancing at an unprecedented rate — with new technologies being launched into orbit at an increasingly rapid pace. The need to ensure the security and safety of these technologies has never been more pressing. So, let’s discover a range of measures…

8 min read