It is common knowledge that passwords will not survive the 21st century, due to their inherent weaknesses (Forbes, Wired, CNET). With Nitrokey we aim to replace passwords with a more secure, easy-to-use and scalable solution; a latchkey for your digital home.
But what are the shortcomings of passwords, and why should they be avoided whenever possible?
- We increasingly rely on data and web services which play an important role in our lives and thus need to be appropriately secure.
- The number of online accounts of an individual user is increasing. Using the same password for multiple accounts should be avoided for security reasons; otherwise a malicious administrator or a hack of one service provider would allow the attacker to compromise your account at another service.
- Passwords need to be complex and long in order to be secure.
- Increasing computing power requires passwords to become longer and longer in order to remain secure.
- Long and complex (secure) passwords are difficult to remember, especially when using different passwords for each account.
- Furthermore, passwords can be "copied" and are therefore inherently insecure.
What solutions does Nitrokey provide?
- Secure login to your favourite web accounts by using one-time passwords as a second factor. In addition to your primary password, a one-time password is required to log in. One-time passwords are generated by the Nitrokey and are valid only once. If your primary password is stolen, the attacker cannot log in without your Nitrokey.
- Ordinary static passwords can be stored securely in the Nitrokey hardware. For this purpose the Nitrokey App serves as a simple password manager.
- FIDO U2F is a new and promising standard for second factor authentication. It can be thought of as a more secure and easier to use version of one-time passwords. Web browsers which support U2F allow a seamless and very easy user experience. U2F is in its early stages and is currently only supported by Google, YouTube, Dropbox, and GitHub and requires the Chrome Browser (a Firefox add-on is being worked on). We offer the separate Nitrokey U2F model and are working on integrating U2F into the other models as well. We believe that U2F will be the future for secure web login.
- Nitrokey is a very popular product for protecting SSH keys. SSH keys are stored on the Nitrokey and the actual login is key-based. In order to log in the user would no longer need any SSH passwords, only the Nitrokey (and PIN).
- A very secure but rarely used approach is to log in (authenticate) to web services with a client certificate. The private key can be stored securely in the Nitrokey. These days only a few unpopular web services support this authentication method, which is more suitable for custom enterprise solutions. Note that during connection establishment users' client certificates are transferred in cleartext, which could be a privacy issue when used on the Internet.