#securekey

Canada's SecureKey taps IBM to put identity on the Blockchain #IBM #Identity #Securekey

IBM has rolled out an enterprise-ready build-your-own Blockchain platform and announced a collaboration with Canada’s SecureKey on the commercial development of a federated identity service using the Hyperledger Frabric.

Dubbed ‘IBM Blockchain’, the new framework is designed to help developers create, deploy and manage highly secure Blockchain networks on the IBM Cloud. Clients ranging from…

Canadian Blockchain Company SecureKey Awarded U.S. Department of Homeland Security Grant #Command

Canadian Blockchain company SecureKey Technologies, a leading provider of identity and authentication solutions, and the Digital ID and Authentication Council of Canada(DIACC), a non-profit coalition of public and private sector leaders committed to developing a Canadian digital identification and authentication framework, today announced their receipt of a new Applied Research Grant to enable…

Just this past week, SecureKey won a contract to provide "cloud-based authentication" for the USPS, paving the way for other US agencies to eventually adopt their authentication model.

First, congratulations to SecureKey on this milestone. Their announcement is a small yet important step forward on the road to password liberation. The news is even more impressive when you consider the difficulties that alternative authentication systems have faced trying to gain acceptance. But with the growing number of alternative authentication technologies available today, why do most sites still stick with usernames and passwords?

Security experts cite various possible explanations, but I think there's another subtle reason for the lack of acceptance. I'm starting to believe that the security industry itself may be unintentionally exacerbating the problem. Early on in the development of CryoKey, I realized something: the security industry focuses so much on the heavy-duty identity consumers that they end up neglecting an important audience - the low-profile site.

The Forgotten Audience of Security Technology

What's a low-profile site? The answer is subjective, but I'm sure anyone can think of a few if they take a moment. These are everyday sites normally run by one guy, a few volunteers, or any group that targets a more niche audience, whether big or small. Think of sites like Penny Arcade, WebOS Nation, Smart Insider, Greater Boston Soaring Club, or even BronyState. The common theme is that none of them participate in the current security dialogue that's trying to determine the future of identification and authentication. They are, quite simply, low-profile in the security conversation.

Authentication and identification are fundamental problems that ultimately require users and site operators to change their behavior. Unfortunately, the world of security is very off-putting and generally inaccessible to most people. As a result, a lot of site operators don't participate in the dialogue because they aren't interested in the technical details, or maybe some of them don't know how to get involved. Whatever the reason for keeping silent, their needs are still just as relevant as the Microsofts and Amazons of the world. The truth is, thousands of these sites dot the Internet, and they all manage their own users. Therefore, any truly widespread alternative to passwords will need their seal of approval as well.

Make no mistake: we need robust solutions because critical services have a lot more at stake. Providers such as SecureKey offer the richer capabilities that heavy duty identity consumers require. But focusing too much on the big players ratchets up the security demands and increases complexity, leaving the casual site in the dust. Most of these low-profile sites simply don't have the resources to integrate and follow the continuing developments within the realm of security.

Active Outreach Instead of Voluntary Input

Every site - big or small - suffers from the password burden, but few sites actually adopt a password alternative. I can understand why the big sites would hesitate to adopt new technologies, but smaller sites have less at stake, so they are in a better position to experiment. Unfortunately, when you're just one person trying to run a community site with maybe a few volunteers to help, you simply don't have the resources to dive into the deep rabbit hole of network security.

If the off-putting language, complexity, and rapid rate of change within the world of security causes these service providers to tune out the dialogue and direct their attention to other issues, then we need to make the first move and approach them. We can't just sit by and wait for interested parties to join in the conversation or else we limit the contributors to only a small and very biased audience. Instead, we have to actively engage all affected parties to discover what they need. Otherwise, some of the less security-centric parties may not know what to say or how to get involved in a dialogue that may ultimately affect their services in some way. Without their acceptance, any decisions that come out of the dialogue will have a much harder time gaining widespread acceptance.

Do you know someone who runs an authenticated site? Ask them what they think about passwords and the alternatives, and see what it would take for them to try an alternative. Send them to the Petition against Passwords to share their pain and learn more about password alternatives!