We live in a world that is very much still password-reliant, despite the innovations in cybersecurity. For many, typing in that string of gibberish gives us comfort knowing that our data and assets are stored securely behind it.
But that may not be the truth. IPification, a Hong Kong-based startup, wants to overhaul these processes for a passwordless future. We spoke to CEO Stefan Kostic to learn why, and how.
Towards a passwordless future
Before he was president and founder of IPification, Harry Cheung was having dinner with one of his oldest friends in a Hong Kong restaurant. The latter was seeking professional advice because his mobile banking app had recently gotten hacked and all his money was stolen.
At the time, Harry had been in the security industry for a long time and served on Kaspersky’s Board of Directors, hence his friend reaching out to him. Though he could only provide advice on the best mobile security practices then, Harry would eventually begin working on a mobile authentication solution some years later, to be launched as IPification.
Here at IPification, we strongly believe in the passwordless future where users are at the centre of a secure and user-friendly mobile identity ecosystem. When most authentication solutions sacrifice either security or user experience, we believe that you should have both.Stefan Kostic
With that, the startup wants to do away with passwords, including one-time passwords (OTPs) and the like.
In turn, its solution generates a user’s unique mobile ID key consisting of the phone number, SIM card, and device data based on the user’s IP address. To authenticate, the user only needs to make one tap on their screen, and the unique ID key is verified in milliseconds.
However, he advises that regardless, one should have a code, face, or fingerprint ID as a way to unlock one’s phone for better security. If the phone gets lost or is stolen then, one should quickly contact their mobile phone operator and ask to lock their SIM card.
One flaw in security is a flaw too many
Prior to this, I’d always assumed that the cybersecurity of my data and assets would be safe and sound, so long as I never shared my OTP or password around. I mean, that’s what the news often cautions us about… right?
Wrong. Passwords in general aren’t very secure, and SMS OTPs can be compromised too, with Stefan stating that they were highly vulnerable to social engineering attacks and SMS rerouting.
Through social engineering, cybercriminals can take over your SIM card and gain access to your account before you even notice what is known as a SIM swapping attack,
Capturing 3 billion users in the next 5 years
For IPification to work, it has to be in people’s smartphones, and this is only possible through working with mobile phone operators.
First and foremost, IPification helps them open new revenue streams by monetising their tech infrastructure in a way it wasn’t ever beforeStefan Kostic