Eliminating Usernames and Passwords With OneID
If there is one hassle almost everyone encounters… filling out username and passwords to access your accounts. While online security has seen dramatic improvements, you are still vulnerable to anyone who wants your username and password.
The current system of entering a username and password is considered outdated, flawed and vulnerable according to OneID . This is because the information you consider private is centrally stored.
How It Works
OneID works by using a multi-device verification system that doesn’t require passwords in order to gain access to your accounts. It uses advanced asymmetric cryptography which works to identify the user by using different computing devices such as cell phones, tablets and computers. It verifies your identity through an active device and a control device of your choice. They work together to keep your information protected allowing you to use the one click feature. You can also choose to verify your identity with a pin but it is a verification system and not a password stored at a central database.
The one-click feature lets you sign up, sign in and check out with just one single click. OneID makes this possible by using your device as the identifying source instead of a username and password. If the website needs more information such as shipping, you can provide that information to the site. OneID lets you give out only the necessary information and nothing else. This protects your personal and sensitive information from being stored or sold in large central databases around the world.
The model for password security is based on the security implemented for mainframe systems. As computers became part of everyday life the same system was applied to secure sensitive information. Initially the passwords were short and easy to remember but as computer got more powerful the passwords began to get more complex. This did not provide more security because your information was still stored at a central database, making it vulnerable to attacks or being stolen by employees.
The information you hold near and dear to you is fragmented groups of usernames, screen names, passwords and site keys for email addresses, social media sites, financial institutions and other sites. Most people are leery when it comes to giving out their personal information to one institution. Although logic would dictate it is better to give it to one source instead of multiple source companies that have tried this model so far have failed in convincing users to adopt this system.
The biggest issue OneID faces is protecting the privacy of their clients. Companies like Facebook which use connect sign-in buttons in association with other websites reveal access to demographic information, user ID, friends list, networks and profile pictures. For some users, this is not an option no matter how convenient a single identification system makes your user experience.
The risk in using a device to identify who you are is you can lose the device. OneID says you can lock your device if it is lost or stolen but if you don’t know it is lost or stolen it is very possible for someone to access your financial or personal accounts.
Security experts will tell you there is no such thing as foolproof security. If someone is determined they can breach almost any security system. What you have to do is make it as hard as possible for them so they will give up and find a softer target.