Passwords are a relic of the early internet days, but they don’t really hold up in the current internet age. Bad password habits, like using weak passwords or reusing passwords across accounts, significantly increase your chances of getting hacked. So the consensus among the tech savvy is that passwords should be supplemented or replaced with something more secure.
But, interestingly, Beyond Identity is replacing passwords with another relic of the early internet. Beyond Identity was founded by two early internet entrepreneurs: Netscape founder Jim Clark and Tom Jermoluk of Silicon Graphics and @Home Network. On Tuesday, the duo announced the official launch of the company along with $30 million in Series A funding.
Beyond Identity uses existing secure communications infrastructure and crypto standards to extend the trust between server-to-server communication to the user’s device, thus creating a personal security certificate for the user. Although this can be a little confusing to wrap your head around, the result is the ability for a user to log in through trusted devices without having to rely on a password.
“Certificate chains are appropriately referred to as a Chain of Trust,” Jermoluk, the company's CEO, said in a statement. “When this technology was created at Netscape during the beginning of the World Wide Web, it was conceived as a mechanism for websites to securely communicate, but the tools didn’t yet exist to extend the chain all the way to the end user. Beyond Identity includes the user in the same chain of certificates bound together with the secure encrypted transport (TLS) used by millions of websites in secure communications today — finally solving the issue the Netscape team was unable to address back then.”
He continued: “By allowing passwords at the user-level, our industry inadvertently created an incredible mess with billions of insecure passwords and hacking targets everywhere, resulting in liabilities and user unhappiness. Rather than ‘Band-Aid’ passwords with MFA or password managers, simply eliminate them altogether!”
Beyond Identity will initially market itself to companies as a way to ensure that their business network is secure across all employees or customers. It says that, by doing so, it’ll eliminate the risk of having a central password database, which can be the target of orchestrated cyber attacks. The company also says its software will be useful for people who dislike using passwords but need a secure way to authenticate themselves online.