Stolen passwords and weak passwords are responsible for over 80% of security breaches in 2018, and in 2019 over 150,000 security incidents and nearly 4,000 confirmed data breaches were caused due to weak or stolen passwords. Passwords are some of the weakest forms of authentication, and when user authentication is not secure, cybercriminals have easy access to take whatever information they want.
Creating the perfect authentication method does not include just security, but also user convenience. Passwords and security questions are a very weak form of authentication as it leans on ‘shared secret’ between a service provider and a user. This also makes the user responsible for protecting and remembering multiple passwords at once, and with security questions, answers to those questions can commonly be found readily available on the user’s social media, rendering them nearly useless. A more secure way of authentication is to call a registered number to confirm a user’s identity, but this is not perfect as it requires a user to have a phone at the ready, and phone calls can be easily intercepted and redirected. Time based one use passwords are sent through a push notification, SMS message, or through an email. Codes sent expire after a short time, meaning even if they are compromised, the code can not be used. This form of authentication is more secure, but is still vulnerable to SIM hijacking, malware, and notification flooding attacks. Biometrics are some of the most secure types of authentication – though the tech utilizing it is still not perfect and can suffer from false positives. Biometrics are also some of the most convenient form of authentication as you always have your DNA, fingerprints, or face at the ready, and you do not need to remember a password.
Learn more about a guide to authentication methods and how the future without passwords is becoming a reality here:
The big question ahead now is what happens to privacy coins like Monero?
Blockchain analytics and forensics firm CipherTrace has revealed it filed patents for tracing Monero transactions at the end of last week. The firm claimed that it would be able to trace illicit transactions involving privacy coins. If the claim is true, the firm’s efforts will go a long way in curbing criminal organisations using Monero (XMR) to facilitate their operations.
The firm announced it filed two different patents for technology capable of tracing XMR transactions. It is reported that CipherTrace has been working on this technology for about two years.
According to a blog posted by CipherTrace on Friday last week, the firm reported that its patents would feature forensic tools to explore Monero (XMR) transaction flows. This would be useful in financial investigations as it will help track stolen or illegally used Monero. The capabilities of this technology are, however, yet to be confirmed as of writing.
A section of the blog read, “CipherTrace’s Monero tracing capabilities will allow (Virtual Asset Service Providers) to identify when inbound XMR may have criminal origins, allowing them to adequately risk rate customer transactions per any required regulations,”
“Our goal is to enable the detection of criminal users, therefore increasing the safety and sustainability of privacy coins like Monero in the future.”
Privacy coins like Monero have become popular mediums of exchange on the darknet market because they are hard to trace. Currently, law enforcement agencies and other authorities are yet to find a foolproof way of tracing privacy coins such as Monero. As such, firms like CipherTrace have a chance of cracking the problem first.
CipherTrace added that it received help from the Department of Homeland Security to build the Monero-tracing technology. Besides the Department of Homeland Security, the Internal Revenue Service is also looking to break Monero. At the beginning of September, the IRS set a bounty of up to $625,000 to anyone who could help crack Monero transactions.