An Alternative to Passwords


For quite awhile, we have advocated the use of X.509 digital certificates and HTTPS as a way to replace passwords with a secure, standard reusable logon.  HTTPS is already enabled on most websites across the globe to identify that website to the browser and encrypt data: using a digital certificate, the HTTPS protocol identifies the website and shares encryption keys.  We are advocating enabling HTTPS to also identify and authenticate end users with a digital certificate.  HTTPS and digital certificates for end users are already supported in the technical protocol and on all standard devices - but it is just not turned on.  By enabling websites to identify and authenticate end users with a digital certificate, we would finally be able to replace insecure passwords, decrease the risk of Phishing and make the Internet a little more secure.   


However, we have not been able to convince any companies to become early adopters.  Many think this is a good idea but have told us they would only support this if their clients ask for it.  So we have the classic 'what came first - the chicken or the egg?' (though this particular question has been answered:)


We are now approaching end users to become early adopters and to evaluate X.509 digital certificates as an alternative to passwords.  We are looking for early adopters that:



Try For Yourself


With enough interest from end users, we hope to convince websites to enable HTTPS authentication using digital certificates.  As more websites turn this on, we can finally stop using insecure passwords.