Ukrainian company REMME has recently released the alpha build of its REMME Core 0.1.0 protocol, which hopes to eliminate human error in the cybersecurity domain by getting rid of passwords entirely.
Password management is no joke. Despite the ever-expanding advances made in cryptography over the years, poor password discipline remains the greatest weakness to modern computer systems. Besides phishing attacks and easily guessable passwords, users have even been shown to give up their passwords for a bar of chocolate.
Even the mightiest cybersecurity systems have been brought to their knees by a single weak password. Case in point: Equifax notoriously lost the Social Security numbers of 143 million Americans in September last year for simply using the embarrassingly default password combo of ‘admin/admin’ in one of their online employee portals.
And yet, humans are getting no better at protecting their own credentials. Considering the average person can now be expected to maintain at least dozens of accounts spread across social media, chat apps, gaming platforms, email, and even work accounts, it’s little wonder that over 80% of peoplereuse their passwords. The most readily-available fix is to implement a password manager, though studies show that very few people actually use them.
MAKING THE PASSWORD OBSOLETE
The long-term solution? Bypass the password entirely.
That is what the REMME project is hoping to achieve with the recent alpha release of their Access Management solution. A Ukrainian company started in 2015, REMME intends to make passwords obsolete by migrating the authentication process on to the blockchain, thereby eliminating human error from the equation. This is being done using their distributed REMME Public Key Infrastructure protocol (PKId) along with a set of Access Management DApps built on top of it.
REMME’s Core 0.1.0 Alpha release currently offers developers access to the core functionality of the protocol, which includes access to the architecture and high-level logic of working with SSL/TLS certificates. It comes with a command-line interface (CLI) for developer’s seeking quick access to the protocol’s central features, such as issuing and revoking certificates and transferring REM tokens between users. The basic elements of working with the company’s REM token have also been integrated.
The protocol’s release comes hard on the heels of the company’s REM token public ICO on February 13th, which raised 19,343 ETH. The token sale has already reached its hard cap of $20 million USD and tokens are currently locked until February 25th at 14:00 UTC. The project has already come to the attention of several companies including Ukrinmash, a part of the State Concern Ukroboronprom, a large, state enterprise tasked with managing Ukraine’s military-industrial complex.
REMME’s efforts earned it recognition at the Microsoft Blockchain Intensive held by Microsoft Ukraine in June 2017. The team won first place at the event’s blockchain-themed hackathon, where they used REMME authentication technology, IPFS protocol, and the Ethereum blockchain to build a traffic collision awareness and reporting system. As a result, they made off with a $10,000 project grant, an invitation to the VivaTechnology conference in Paris, and a business, legal, and marketing consulting contract from Ernst & Young Global Limited, a professional services company based in London.
The project began in 2015 following a series of cyber attackswhich rocked several large Ukrainian companies. By early 2016, the first closed beta version of the product was released on the Emercoin blockchain. This was followed by a second version on top of the Bitcoin blockchain in 2017.
The team’s next goal is to develop inter-blockchain token migration for the protocol’s next release. This will allow the REM token, which is currently released on the Ethereum platform, to be used on their custom REMME blockchain. Public testing is slated to begin later this year, with a public release set before the end of the year.
Are we entering a new age of cybersecurity? Will REMME finally get rid of the terrible password practices that have come to define most major data breaches? Let me know in the comments below!