BULLETPROOF IDENTITY
It’s time to kill the password…
…because passwords are the weak link.
- They’ve been substituted with biometrics, smartcards and dongles
- They’ve been patched with two step and two factor authentication
Even with these patches, passwords in any form, remain the weakest link in digital identity.
Identity and security are exploitable vulnerabilities because they both rely on stored static tokens such as passwords. Worse still matching tokens reside on both the server and the user’s device. They are easily accessible and just as easily mimicked.
Everyone believes the only way to identify a user or device is if they have an immutable static identity token, one they can match, like a device serial number or unique name for example , while security needs a password.
They are very wrong.
Matching these tokens is a huge hole in security, one which BPID plugs with incredible elegance and strength. BPID invented a better way than storing these credential tokens.
Because there are two points in any online communication, both ends can share in validating a user’s identity.
The process works best by employing random numbers because randomizing identity creates unpredictably so that no single identity is ever duplicated, falsified or cloned.
The secret of eliminating the password?
Random numbers.
BPID creates order from entropy.
BPID employs a very unique algorithm taking multiple random number sets to identify every individual. The result is that every logon is different as the number sets are constantly changing with no particular order.
Random numbers eliminate the password.
No two individuals ever repeat the same logon. No two user logons are identical.
Simplification and automation make it uncompromisingly secure and easy.
Users no longer need to remember hundreds of password credentials.
The system is automatic, processing the random numbers with very little user intervention. Users are freed from the burden of remembering passwords and service providers are freed from the burden of securing credentials and the liability issues associated with protecting stored credentials.
Users don’t know that their logon is different each time they logon; they don’t need to.
They just need to know their identity is bulletproof safe and for them it’s easy.
Random numbers provide one-time-use verification.
Employing a one-time-use system wraps each identity login in its individual security cocoon. When coupled with contemporary encryption communications methods even MitM attacks are ineffective because every handshake is different.
No intrusion can anticipate the next numerical set or successfully reuse a previous one and therefore can’t clone the user identity or compromise credentials. Whenever a set of random numbers is reused as a login, it triggers defensive regiment ranging from alerting the user to locking down the account.
It really is that simple, and it really works.
There are no stored credentials on the device or server. None.
By eliminating the user name and password, rogue agents can’t purchase access to a BPID secured server using credentials. That’s because there are no stored credentials.
There is nothing for them to mimic and no identity to steal.
Pick from ten to five hundred numbers down to eight decimal places between –7,874,598,445,332,967 and…
It’s as if the device and gateway ‘compare cryptic notes’ using a one-time-use pad.
That’s because it is closely what they do. Computer generation of one time numbers is asynchronous. Validation and response number sets is also asynchronous. It is order from chaos.
If the one time random number set doesn’t resolve at either end, BPID knows immediately that the identity is fraudulent. Asynchronous random numbers provide the ideal one-time use-pad.
Any attempt to falsify identity quarantines the digital response for that number set of the source; it marks the communication attempt as fraudulent along with the source (I.P.) and the type and threat level of trespass attempt.
BPID captures and logs all logins, valid or invalid. No device will process any rogue attempt without both end points, device and gateway, confirmation.
When verification is missing from either end (random numbers don’t compute to verifiable result) the login simply doesn’t work.
BPID immediately initiates deployment specific defenses. This is “Zero Moment” threat intelligence and action.
BPID offers simple, cheap and better identity security than any token based system.
BPID offers a far more robust security option than passwords.
Sharing security with and between endpoints, each handling a portion of the identity process cooperatively, then validating each other’s activity, any falsification attempt will always be immediately identified by one end or the other. Its instant!
BPID is not just bulletproof.
It’s game changing technology.
Think of it as an infinitely different Rubik cube on each login that always results in a unique identity and only BPID knows how to resolve:
Here are our users credentials:
Pick any 10 to 500 numbers between (-7,874,598,445,332,967) and +7,874,598,445,332,967
BPID is safe, secure, private and easy!
User 1
IDENTITY: Random Number Set
User Name: There is none.
Password: There is none.
User 2
IDENTITY: Random Number Set
User Name: There is none.
Password: There is none.
User 3
IDENTITY: Random Number Set
User Name: There is none.
Password: There is none.
User 4
IDENTITY: Random Number Set
User Name: There is none.
Password: There is none.
User 5
IDENTITY: Random Number Set
User Name: There is none.
Password: There is none.
User 6
IDENTITY: Random Number Set
User Name: There is none.
Password: There is none.