Password Security Is Impossible

Existing identity and security best practices are designed for machines. Obeying them is beyond human abilities.

  • They require perfect recall and perfect discipline to create and remember strong, unique passwords for dozens of accounts.
  • We’re supposed to have the superhuman ability to detect phishing, spoofing and social engineering attacks.
  • Usernames and email addresses are a ephemeral and fragmented representation of identity. Most users have a handful of preferred usernames and 2 or more active email addresses.
Users Need Security – None of us is perfect. Most people use a small number of passwords stored in stupid ways. And even fewer usernames. We blithely click on email and text links.

... 5. Must not contain dictionary words with or without numbers or special characters at the end or the beginning...

Daily life demands that we create and remember a new password for almost every single thing we do—reading the news, paying bills, or simply ordering a pizza. The promise of online convenience has been broken by antiquated authentication solutions with unrealistic security best practices.

UNS is different from other access management approaches

UNS TRUST:  UNS Lets You be You

Existing authentication systems are built on trust in central authority. Trust in UNS comes from user-generated private keys in users personal devices.

  • Consolidating credentials in user tables creates an attractive target for hackers.

  • Current systems rely on a 3rd party to provide a user’s identity. Sometimes these parties make mistakes.

  • UNS lets the user be the ultimate authority of their identity. You know who you are. You’re usually right.

UNS authentication lets you prove You are You, providing full control over your identity.

UNS Privacy: Utterly No Surveillance

UNS uses a unique, anonymous identifier for each individual account

  • Existing authentication systems are hostile to privacy because they use data that can connect users across different Services.

  • Access control that relies on email, security questions, and phone numbers makes it easy to link a user’s accounts and online activities across services. This is hostile to privacy and puts every user at risk.

  • Current authentication systems force every user to click “I Agree” for access even though the actual risks are unclear and may not match their preferences.

UNS preserves privacy by issuing a unique identifier for each user account with each Service

UNS Security — Utterly No Spoofing

Cyber attacks rely on tricking users or systems to trust an imposter. UNS authentication uses asymmetric cryptography and out of band communication to stop imposters from gaining access to accounts

  • Existing systems utilize shared secrets and central authorities to identify users. If any system containing those secrets is compromised, an attacker can impersonate the user. UNS minimizes the attack surface because the users secrets never leaves their device.

  • The UNS protocol remains secure over an insecure network, even when messages are stolen, altered, or replayed.

UNS uses out of band communication and asymmetric cryptography to thwart phishing, credential theft, and brute force attacks.

UNS PRACTICALITY — Users Need Simplicity

Existing security protocols require users to learn a wide variety of authentication rituals, including passwords, authenticator apps and ambiguous security questions.

  • Simply scan a barcode with your phone to add a new device to your identity.

  • UNS is supported directly on smartphone apps and in the browser.

  • UNS authentication works seamlessly on any device, from one browser to the next, one device to another, on the web and with native apps.

UNS uses out of band communication and asymmetric cryptography to thwart phishing, credential theft, and brute force attacks.