ANECT a.s. - system architect and integrator
Path: News/ALUCID – new solution relieves users of problems with login passwords
ALUCID – new solution relieves users of problems with login passwords
Secure administration of all internet accesses is ensured by one single USB device
ANECT company presented the new ALUCID solution, offering simplification of existing systems for authentication and proof of identity in the cyberspace. User will not be forced to memorize loads of passwords anymore and will have personal safe with identification data in his/her hands – so-called PEIG (Personal Electronic Identity Gadget) in the form of USB, card or cell phone within which the process of login to services needed runs automatically.
„People disclose more and more information about themselves on the internet, although intimidations grow, attacks aimed at gaining sensitive data to enrich oneself financially increase. Number of access logins and passwords through which every particular person proves his/her identity on the internet escalates. Thus users often use the same passwords repeatedly or choose those easy to remember – that is, passwords poorly immune against any attack. In such way the risk of potential abuse rises," said Alena Řezníčková, Head of ALUCID Department.
Safety analysts recommend usage of strong passwords, in other words, with minimum length of 8 characters including digits and non-alphanumerical characters, as well as alteration of capital and lower case letters and password modification once in 6 months at least. Therefore users tend to note a password down and run a risk of misuse. According to CZ.NIC association study, 10 per cent of informants keep their access passwords on a sticker on monitor and entire 25 per cent store them in cell phones.
ALUCID (Authomatic Liberal and User Centric Electronic Identity) solution consists of two segments – PEIG and AIM. PEIG is a materialized electronic identity in the user's hands. It is, so to say, a personal safe in the form of USB key pouch, card or cell phone, where the login process takes place by itself. AIM is the server solution for electronic identity management on the service provider side. Via standard web interface (WS) it provides applications with services linked to electronic identity management.
ALUCID exploits automatically strong cryptography instead of passwords. Link to a service (bank, e-shop, e-mail client, company portal etc.) is being created by itself and works on anonymous basis – no one is capable to track down a specific user on the internet. For PEIG activation, it also enables setting of different security levels against abuse, such as PIN or fingerprint.
ALUCID thoroughly separates personal data from identifiers used for authentication, so that PEIG communicates with the server part of the system via dynamically modifying identifiers: random numbers. It uses no personal data of the user himself.
Thanks to automatic variation of identifiers, the user is not obliged to solve problems with passwords expiry. Identifiers also never leave off the safe which prevents from eventual phishing.
Users struggle against passwords relatively often. According to ZoneAlarm company survey, combination of ascending numbers (123456...) is among three mostly used passwords. Approximately four per cent of users prefer an analogy to the „password" expression as a password. The survey showed as well that up to 79 per cent of users have chosen dangerous password and 16 per cent use their first name.
