PIA met with Locke Brown, Co-Founder and CEO of NuID. We talked about the importance of strong authentication, the challenges of traditional online passwords, and the future of NuID, and he gave some tips about online safety.
Private Internet Access: Hi Locke, thank you for taking the time to speak with me today. Can you tell me a little bit about yourself and how you got into cryptocurrency?
Locke Brown: I am originally from Birmingham, Alabama. Then I went to school near Los Angeles at Claremont McKenna College. I studied mathematics and economics. In 2013, I was a crazy person running around campus talking about Bitcoin.
I’ve always been into computers, gaming, tech, not coding, although I built a lot of websites when I was younger. Mathematics, natural sciences and economics are my thing. I have always been involved in investments. I actually also got my Masters in Finance when I was at Claremont McKenna.
In college I interned at Google and decided I wanted to go into finance after school. So after I graduated in 2014, I went and worked in Seattle at the private equity office of Bill Gates. It was pretty wild; I was a trader there for a few years and then moved into private equity.
The last year and a half or so when I was there, around 2016, myself and the COO created an internal blockchain task force because blockchain became hot again. At that point I lost too many bitcoins like online games and random things. Of course, it was not worth as much as it is today. It is worth noting that I mined bitcoins back in the student dormitory. I had one of the first ASIC miners, so I’ve always been in that space, and it was good to get back into that space and follow it more closely. Around that time I started using PrivateInternetAccess, I had a dedicated IP address back in 2016, so I thought it was cool that you reached out.
PIA: What inspired you to start NuID?
LB: I was thinking about digitizing things like real estate and car titles. Then I met this guy Nolan Smith through a mutual friend. At the time, he was a data scientist at Microsoft. We met on a hike outside of Seattle and we hit it off right away. We ended up getting lunch and going down the rabbit hole. We spent a lot of 2016 in my basement, which was called the cave. Just learning a lot of stuff in the world of cryptography and blockchains and came across zero-knowledge cryptography which ended up being a big part of what we do in our core technology.
We had a lot of ideas, but we needed some kind of distributed system to make them work. We also needed an identity to be trusted, didn’t we? A better version of identity than what we have today, which is to create a username and password for every service you use and let it be hacked.
So we think, okay, authentication is the layer that really needs to be fixed, because if you can authenticate yourself as me, how can you trust my digital identity if someone else is going to authenticate it.
We successfully combined these two technologies that were relatively unheard of or new at the time: distributed ledgers and zero-knowledge proofs, and developed a protocol that, as we said at the time, abstracted identity from the device to the person. In January 2017, we contacted Professor Matthew Franklin of the University of California, Davis. He is a professor of cryptography, known for the Boneh-Franklin scheme of identity-based encryption and many other things in the public key infrastructure we use today. In fact, PIA uses some of the technology it helped invent back in the day. So he checked and confirmed the protocol we developed. Later in January of that year, it must have been a Sunday evening, I decided I had to go all in. I quit my job and filed my first patent applications, then founded NuID. A month later I grew a small grain round and the rest is history. So this is the shortened version.
PIA: What is NuID’s flagship product?
LB: The only thing you can hear in Silicon Valley is fail fast, you know, break and repeat. This does not work for authentication and identification. So, we were extremely meticulous and thorough, and the key was to get it right, not fast. Despite the fact that some people insisted. Because if authentication fails, it’s over. You can’t fail once, right?
So we released our Trustless Authentication product, a NuID authentication solution that is a B2B SaaS product. It was and is a monthly subscription API plugin for companies to completely replace their authentication workflow.
In the current user sign-in experience, you might imagine you’re building an app, website, or what-have-you that has users who need to sign in. In today’s paradigm, the status quo is for the user to enter a username or email address and a password. This then goes from their device to the server. Then, if they’re decent, they’ll hash the password and/or encrypt it at source and store it in the database. So the next time a user logs in and enters their credentials, it goes to their server where it is compared and if the passwords match, it verifies and authorizes you by creating a session.
So, as we all understand, this is a huge problem for several reasons. Each of the servers must maintain this large database of credentials. Now you have a huge target for hackers and people who compromise systems. And that can create a cascading snowball effect because when that server is hacked, 9 times out of 10 it’s the compromised credentials that are used to actually do the hack or hack it. For example, in a big hack like LinkedIn or Twitter or any of those big sites, other subsequent hacks are because somebody’s credentials were found and some admin used the same password for their email or whatever another site and people reuse passwords.
The NuID authentication system is designed to eliminate this workflow and we have 57 US patent applications for this. It’s free to use, up to a point, and can be installed in less than 30 minutes. It sits behind the login window, so as far as the user is concerned, there is no additional friction and their login experience doesn’t change. What happens on the server is that when a user creates an account, they enter a username and password on their device. On this user’s device, this password is used to create a so-called zero-knowledge verification. So you can think of it as magic. I’m kidding or half kidding. That’s basically a lot of math, right?
The password entered on the user’s device is deleted. It is never transmitted over the Internet to any server or stored locally. The public output link parameter is then stored in the distributed ledger. By default we use Ethereum, but it is registry independent and we are going to release the KiiChain registry in the future. We’re actually launching the Kii token that’s at the heart of it. I won’t go into that now. But the idea is that this public benchmark is decentralized and persistent. So, you know, no party is running it.
PIA: Is NuID just for business or do you have a consumer product?
LB: We recently launched the Nu Identity ecosystem and are gearing up for it. We will launch consumer products next year. It will be a credential wallet that will allow users to manage their credentials.
I like to say that we make crypto accessible to everyone. It’s hard to manage your keys now, isn’t it? I mean, if we’re using a public key infrastructure, public private keys to log in, what we have is a nightmare for people to manage and use. For example, with a bitcoin wallet, it gives you an opening phrase that basically says if you lose your private key, you’re done, you’re out. Right?
This is open-key infrastructure for you. It’s not very forgiving. It takes a good way and a good interface for people, and that’s what NuID does. We initially needed an enterprise solution because if I had walked out three or four years ago and said, “Hey, I’ve got this great new authentication solution, want to try it out,” and you’d, great, where can I use it, and the answer was nowhere to be found, it won’t help you much.
So, the first step was to implement our protocol and have it used by services. So we launched that a few years ago. And now, as I said, we have a self-service developer portal for anyone who builds an app or a website, and they can deploy it and play with it for free.
PIA: Do you have any tips for the average person to protect their password? To increase their online privacy?
LB: The longer the better. A lot of times websites will say use a number, use uppercase, lowercase and whatever characters you want. But the truth is that length is the most on your side.
Use different passwords for more important things. I’m not going to tell someone to use different passwords for every account, because people have 50, 60, 70 different accounts, and now even more. I’ll also say this with a little asterisk, but use password managers like LastPass or 1pass. It’s a godsend, and we demand that everyone at NuID use it. But they undoubtedly fix the problem and do not solve anything real. Therefore, trusting them can be very scary. That being said, they are a step in the right direction. The convenience you get is worth it if you use it right, meaning you use their automatic secure password generator. You can use it to generate a random string of numbers, symbols, and characters that are 32 digits long, all of which are different. So, if you’re going to use something like this, take advantage of a secure password generator.
Finally, make sure you always have two-factor authentication if possible. So those are the biggest things. Otherwise, stay tuned for NuID and receive verified credentials when we launch it in a few months.
PIA: Are you still involved in cryptocurrency?
LB: Yes, indeed, we are about to launch our Kii token, which has been five years in the making.
I’m still keeping an eye on cryptocurrency. I changed a little. I go in waves, depending on how busy I am. But you know, I’m definitely following it, I’m definitely keeping up, because it’s very relevant to cryptography. It’s also worth noting that NuID credentials, since crypto is built on a public key infrastructure, can serve as your private key to crypto assets.
So NuWallet, which we are going to launch next year, will serve not only as a credential wallet, but also as your crypto wallet. Because your authentication credentials can protect any cryptographic asset. This is very important for cryptocurrency because you are your own person. Your assets should follow you, and only you should be able to authenticate those things.