P250
LOADING...
#Go Passwordless With No Sensitive Data Exposed
#Password out, passkey in
Digital Chip Card Locker ("DCCL") is a brand new technology that sets the highest standards for cybersecurity and preventive data protection, with passwordless authentication as one of its foundations.
Although the implementation is somewhat complex, the basic idea behind passwordless authentication is fairly simple.
Instead of dealing with a traditional password in terms of remembering, typing, analyzing its strength, and, ultimately, forgetting it, we will authenticate using its more secure and convenient digital equivalent in the form of a passkey, which is a combination of digital signatures, fragments of cryptographic key pairs, encryption keys, hash codes and device identification strings.
Unlike a password, a passkey is not something that a user has to remember or create manually, but is generated automatically using specially designed software provided by the website or app to which the user logs in.
Specifically, passkeys created by DCCL are partly stored on the user's device (private RSA key), partly derived from the device's built-in features (device identification strings), and mostly not stored anywhere, but generated on the fly with each new registration or login request (hash codes, DCCL encryption keys, digital signatures).
Using an auto-generated DCCL passkey is the most secure way to verify a user's online identity. No biometrics, no annoying SMS verifications via mobile phones, and no requests to reveal sensitive user data - just algorithms based on pure mathematics.
#The future of secure communication is passwordless
Here are some of the main reasons why passwords are (finally) considered obsolete nowadays. In fact, knowing the following, we wonder why passwordless authentication wasn't introduced much earlier:
  • If the password is stored on the user's device, it can be stolen and misused, as it contains sensitive data.
  • Short passwords are insecure and easy to reproduce, while overly long passwords are more secure, but also tedious to type and difficult to remember.
  • Passwords can be entered by copying and pasting, but this means they must first be saved on the user's device, which poses a security risk in the event of theft or loss of the device on which they are saved.
  • It is inconvenient to change and remember passwords after each use.
  • If the password is stored on the user's device, it can be stolen and misused, as it contains sensitive data.
  • Short passwords are insecure and easy to reproduce, while overly long passwords are more secure, but also tedious to type and difficult to remember.
  • Passwords can be entered by copying and pasting, but this means they must first be saved on the user's device, which poses a security risk in the event of theft or loss of the device on which they are saved.
  • It is inconvenient to change and remember passwords after each use.
  • It is not recommended to use one password to log in to multiple sites, and if multiple passwords are used, remembering and storing them becomes a hassle.
  • A camera can record a password written on paper or on a computer or phone screen (after all, a camera can record someone typing on the keyboard even if typing hidden characters).
  • A password contains sensitive data and its transmission between two devices over a short distance or over the internet poses a security risk.
  • It is possible to encrypt a password on the client side and then decrypt it on the server side during registration or login to the system, but how secure is it to store the password on the server? The password contains sensitive data and access to that data poses another security risk.
#The future of secure communication is DCCL
Considering the security concerns associated with passwordless authentication that would prevent widespread adoption of this approach, DCCL aims to reduce the risk to zero:
  • DCCL is not vulnerable to phishing, man-in-the-browser or man-in-the-middle attacks;
  • The DCCL encryption key is not stored on any local device or in the cloud;
  • No fingerprint or facial recognition is used, nor is SMS verification via mobile phones;
  • DCCL is not vulnerable to phishing, man-in-the-browser or man-in-the-middle attacks;
  • The DCCL encryption key is not stored on any local device or in the cloud;
  • No fingerprint or facial recognition is used, nor is SMS verification via mobile phones;
  • DCCL activates reliable protection against automated bot activity;
  • The private RSA key is stored only on the user's device and is never shared with the service provider;
  • DCCL is not limited to use only on mobile phones, but can be used on any other device;
  • No additional equipment or hardware devices are required;
  • No physical token (USB stick, smart card or similar) is required to be carried around;
  • No additional software installation is required on the client side;
  • No additional maintenance costs may apply;
  • Only standard technical skills are required for implementation;
  • Implemented tokenization enables seamless synchronization across multiple devices, making it easy to access your account from any device;
  • DCCL is available on any device running any operating system and without any restrictions.
Communication between the client and the server must be end-to-end encrypted at all times and with verified user digital identities, without leaving out a single detail. This is one of the core principles of DCCL technology.