metaverse is all the hustle and bustle. Users are betting on a virtual reality world where they can interact and experience things as they would in the real world. While the metaverse promises to replicate elements from real life, one aspect that cannot be ignored is the privacy and security challenges posed by the digital space.
As the online and offline worlds collide, many are excited about the metaverse’s vast technological potential in terms of changing traditional finance, experiential e-commerce and gaming, but some are concerned about the potential costs users will have to pay for it. the privilege.
In today’s column we discuss the future of passwords in the metaverse. Before we get into the topic, here’s a quick summary of the metaverse. It’s a concept coined by sci-fi writer Neal Stephenson in his 1992 novel Snow Crash. Basically, the metaverse is a mix of offline and online experiences in an interactive digital space, where social interactions and transactions can take place simultaneously.
Cybercrime and Metaverse
Like social media, the metaverse is prone to cyber-attacks, including phishing, ransomware attacks, etc., reveals a new report from Ermes, an Italian company that uses artificial intelligence applied to cybersecurity. In its report, the company identified the top forms of cybercrime risk in the metaverse. The cybersecurity firm identifies the main forms of hacker attacks in the metaverse:
#Information Theft: Users can unknowingly share their sensitive data directly with a hacker, putting their real assets at risk.
#Identity Theft: Theft of the user’s avatar that would lead to the hacker being recognized as the real owner and able to perform the relevant malicious actions.
#Cryptocurrency Theft: Users Could Be Deprived Of Passwords For Their Crypto And NFT wallets and keys to access their avatars in the metaverse.
The big question
“With the advent of social media and the explosion of various platforms, including now Metaverse, the world is also dealing with: how do we really know who is on the other side of a metaverse? And is it the person he or she claims to be? Or is it even a real person?” asked Siddharth Gandhi, Chief Operating Officer, 1Kosmos, a cybersecurity firm engaged in passwordless authentication.
Siddharth Gandhi, Chief Operating Officer, 1Kosmos. (Photo: 1Kosmos)
We’ve heard Elon Musk come out to take over Twitter, and one of his key questions is: How many bots are on the other side? Musk has talked about identity-based verification not once, but several times. “…that’s where the whole genesis of even the passwordless requirements starts, that you ask the person logging into social media, or Metaverse, to prove who they are before they can log in and that’s true passwordless authentication comes into play,” Gandhi said.
The change
Now that big tech companies believe in a passwordless future, all this could change. For example, Apple† googleand Samsung have introduced biometrics to users, and this will eventually spread to other services on those devices.
Password-based authentication will be flawed and cumbersome security methods in the metaverse, unlike the new ones like biometrics. Major tech companies have realized that there must be a push toward a password-free future. Otherwise, they just make life easier for cybercriminals, whose technology is also improving.
In the metaverse, users would simply use biometrics to log in at the first point of entry. From there they should be able to move around without any problems. “If you need to enter a secure perimeter at any time, be it in the virtual or physical world, you must enter your username and password or an additional multi-factor authentication that is an OTP.” But this is not how you enter the metaverse. “…what we want to try to bring in is that each of us has a unique individual, biometric – a fingerprint, facial ID or Live ID where we ask the person to take a selfie and leave real characteristics of the person be able to log in. So it’s quite simple, yet extremely powerful,” Gandhi added.
This could be possible through something called BlockID.
For example, when a data breach occurs, one of the main things a hacker is looking for is to take the user’s credentials and once they have it, they can access the central database, take away data that is there, be it their IP address or sensitive information about the users. “The great thing about BlockID is that it is blockchain based, meaning it is backed by a distributed ledger on the back. This makes the platform very secure as there is no central database. Furthermore, it also puts users in control of their identities and neither the company nor the service provider can access it unless permission is given,” he noted.
Password-based authentication is so ingrained in the internet that it seems almost impossible to imagine a world without passwords. However, with the rise of metaverse and blockchain technology, now could be a perfect time to eradicate passwords once and for all, making the virtual space more secure for everyone.