Cipherise is a decentralised solution.
Perhaps the most significant differentiator provided by Cipherise with respect to other authentication platforms on the market comes from the fact that all Cipherise authentication transactions are decentralised and completed on a user’s mobile phone, completely separate from the service being logged in to.
This is significant for two key reasons:
It addresses the challenge that the traditional perimeter can no longer be protected – there is no way to control the physical device or access points used to access a service. It is almost certain that an access request will – at some point – be made from a compromised or infected machine, and thus we must assume every keystroke is being recorded. If any credential information is entered through such a device, it is only a matter of time before an unauthorised user will gain access.
There are problems associated with centralised credential storage. Virtually all current authentication platforms rely upon a ‘submit and match’ process for granting access – a user submits their password, and this is matched against the service’s centrally held copy. This is problematic as not only are the repeated password copies creating multiple opportunities for interception, the core credential repository is a significant data-at-rest vulnerability.
There have been increasingly frequent cases of a breach where an attack is based upon gaining a copy of the centralised credential store, taking it oine, and then using brute force techniques to isolate specific user identity information. Typically, these attacks are after privileged user information, however the rest of the database gets dumped, sent to the darknet, and all users are affected.
The decentralised nature of Cipherise removes this risk by never requiring passwords or access credentials to be stored centrally. The actual authentication process is completed locally on a user’s mobile phone, and thus there is nothing central to be attacked or breached.