Netscape Co-Founder: Passwords Are the Weak Link in Cyber Security
Jim Clark, co-founder of Netscape and Shutterfly, weighs in on the flaws of current cyber security efforts in place to prevent hacks.
Clark discussed the rise in security breaches facing business of all sizes as well as organizations and government agencies.
“Recently there’s been a spate as you know of disruptions, the DNC getting emails tapped and small business owners getting their machines encrypted so that they couldn’t do business and having to pay Bitcoin ransom and there’s, you know, massive password theft at companies like Yahoo. So we’re seeing it in a lot of different places,†Clark told the FOX Business Network’s Maria Bartiromo.
Clark sees the use of passwords as a weak link in efforts to improve cyber security.
“In the end it all, in one way or another, points to this deficiency I call it, that we call a password.â€
Clark then went into greater depth as to why he sees the use of passwords as a deficiency.
“You don’t want to use it for access to a site because that requires that the site have a copy. You see, passwords are deficient because they amount to a shared secret. And there’s that old joke, ‘a secret is something you tell one person at a time.’ And the thing about a secret, this particular secret, you don’t want anyone to know.â€
Because of this, Clark added, “You’ve got to get out of passwords, there’s no question about that.â€
Clark explained the certificate concept used to authenticate websites.
“The certificate concept has been around for years. It’s used to authenticate and make sure that you’re connecting to Google, make sure you’re connected to Yahoo. Any site you go to has a certificate. And that certificate is issued by a certification authority – there’s a complete infrastructure for dealing with that kind of issue.â€
Clark says that this certification could be implemented for users as well to replace the need for passwords.
“The exact same mechanism can be used to authenticate users, so users need to be issued a certificate, then they don’t need a password and this certificate gets shared with everyone because it can’t be altered, it can’t be messed with. If you mess with it, It’s no longer valid.â€