A Little History
For 30 years, passwords have been the standard technology to authenticate end users to websites across the Internet: passwords are simple to use, easy to understand and ubiquitous. They are used everywhere on the Internet as part of the logon process and end users know how to use them and manage them. However, passwords pose a significant risk: they are easy to guess, steal, share and reuse, which leads to Phishing, Business Email Compromise, data breaches, account takeover, etc. They are also a nuisance: many websites require their own password. Password proliferation has become a significant headache for almost everyone on the Internet.
The Solution - A Personal, Reusable, Managed Credential
Pseudo-NYMSM proposes replacing passwords with an IETF standard, secure, reusable and managed credential: X.509 digital certificates. Pseudo-NYMSM is repurposing X.509 digital certificates as virtual, anonymous, reusable, managed end user authenticators. Each certificate, installed on the end user's device, would include a pseudo-identity that would protect the end user’s true identity. We are calling a digital certificate with a pseudo-identity a NYMSM. Each NYMSM would be accepted at our network of partners, so one NYMSM would replace multiple passwords. In addition, each NYMSM would be validated at logon: in the event a NYMSM is lost or stolen, it can be revoked by its owner and access denied.
Digital certificates are an IETF standard already supported in the HTTPS protocol used to secure websites today. By simply including a pseudo-identity in the certificate, Pseudo-NYMSM is repurposing the technology from an identity management solution to, in the words of Dr. Vint Cerf, an anonymous ‘Self Authenticating Identifier’. Because the technology is already supported in the HTTPS protocol, the service can easily be implemented to replace passwords: integration is relatively simple. In addition to replacing passwords, digital certificates combined with the HTTPS protocol neuter Phishing. Our approach to authentication on the Internet both replaces passwords at multiple different websites with a single reusable credential AND neuters Phishing as attack vector. They are also very easy to use: this video shows how easy.
NYMSMs would also be managed by their owner: subscribers to our service would be able to see where they logged on, be able to revoke their credential if it is lost or stolen and get a new one. We enable our subscribers to manage their credentials and their access to websites.
Authentication as a Service
Pseudo-NYMSM offers NYMSM digital certificates to end users, integration support to websites AND real time validation at logon - all as a managed service. With the continuing headaches around passwords, phishing and data breaches, Pseudo-NYMSM feels the time is right to revisit managed digital certificates as an alternative to passwords.