Metaverse is all the buzz. Users bet on a virtual reality world where they can interact and experience things as they would in the real world. While the Metaverse promises to replicate real-life elements, one aspect that cannot be ignored is the privacy and security challenges that the digital space brings with it.
As the online and offline worlds collide, many are excited about the enormous technological potential of the metaverse in terms of changing traditional finance, experiential e-commerce and gaming, but some are concerned about the potential costs that users will have to pay for this privilege.
In today’s column, we discuss the future of passwords in the Metaverse. Before we dive deeper into the subject, here is a brief overview of the metaverse. It’s a concept coined by science fiction writer Neal Stephenson in his 1992 novel Snow Crash. In short, the metaverse is a mix of offline and online experiences in an interactive digital space, where social interactions and transactions can occur simultaneously.
Cybercrime and Metaverse
Like social networks, the metaverse is prone to cyber-attacks including phishing, ransomware attacks, etc., reveals a new report from Ermes, an Italian company that exploits artificial intelligence applied to cybersecurity. The company in its report identified the main forms of cybercrime risk in the metaverse. The cybersecurity company lists the main forms of hacker attacks in the metaverse:
#Information Theft: Users could unknowingly share their sensitive data directly with a hacker, putting their real assets at risk.
#Impersonation: Theft of the user’s avatar which would lead to the attacker being recognized as the true owner, capable of performing the relevant malicious actions.
#Cryptocurrency theft: users could have their crypto and NFT wallet passwords stolen, as well as the keys to access their avatars in the metaverse.
The big question
“With the advent of social media and the explosion of various platforms, now including Metaverse, the world is also faced with: how do you really know who is sitting on the other side of a metaverse? And is that the person who he claims to be? Or is he even a real person? asked Siddharth Gandhi, chief operating officer of 1Kosmos, a cybersecurity firm specializing in passwordless authentication.
We’ve heard Elon Musk take over Twitter, and one of his key questions is how many bots are on the other side? Musk has talked about identity-based verification not once but many times. “…this is where the whole genesis of the passwordless requirements starts, that you ask the person logging into social media, or Metaverse to prove who they are before they can log in and that’s where that passwordless authentication comes into play,” says Gandhi.
With big tech companies now believing in a passwordless future, all of that could change. For example, Apple, Google, and Samsung have introduced biometrics for users, and this will eventually expand to other services on those devices.
Password authentication will be a flawed and cumbersome security method in the metaverse, as opposed to newer methods like biometrics. Big tech companies have realized the need to push towards a future without passwords. Otherwise, they only make life easier for cybercriminals, whose technology is also improving.
In the metaverse, users would simply use biometrics to log into the first point of entry. From there, they could move without problem. “At any time, if you need to enter a secure perimeter, whether in the virtual or physical world, you must enter your username and password or additional multi-factor authentication which is an OTP.” But that’s not how you will enter the metaverse. “…what we want to try to bring is that each of us has a unique, biometric individual – a fingerprint, a face ID or a live ID where we ask the person to take a selfie and to show real characteristics of the person to be able to log in. So it’s quite simple, but extremely powerful,” adds Gandhi.
This might be possible via something called BlockID.
For example, when a data breach occurs, one of the main things a hacker is looking for is to take the credentials of the user and once they have them, they gain access to the database. central data, it removes the data that is there, whether it is their IP address or sensitive information about users. “The beauty of BlockID is that it’s blockchain-based, which means it’s backed by a distributed ledger at the back. This makes the platform very secure since there’s no central database. Moreover, it also gives users control over their identity and neither the company nor the service provider can access it without consent,” he noted.
Password authentication is so deeply rooted in the internet that it seems almost impossible to imagine a world without passwords. However, with the emergence of metaverse and blockchain technology, now could be the perfect time to eradicate passwords once and for all, thus making the virtual space safer for everyone.