Nowadays, passwords are of common use. People accept them, as they don't see any other way to secure their identity.
In security, it is not about making a platform unbreakable, but to make it hard enough to get to the information.
Problem with passwords are legion:
- they can be guessed and cracked (too simple & predictable),
- they can be obtained through a password dump from big companies (Amazon, Sony...)
- they can be harvested with trickery (malware key-loggers, spyware, phishing)
- they can be asked by false "customer services" (emails, phone calls)
These methods all rely on the fact that a password is a set of key strokes that you only know... But:
- only you knowing it is not safe anymore with these attacks,
- even careful people could get exposed through one of these methods if they let their guard down only one time.
Logrr introduces their cryptographic technology, which:
- uses you phone as the key to validate you identity,
- this cryptographic key never leaves you phone from its creation to its removal,
- this key is replaced every month, so brute force is useless,
- this key also can't be extracted from the Logrr app (key is encrypted on the device),
This means in matter of previous valid attacks on passwords:
- The key used to sign data is too short & difficult to be cracked,
- As the key is stored in the phone, a dump from Logrr wouldn't contain any critical data,
- Key-loggers and spyware (especially on computers) would have not effect as identity validation happens between the phone and Logrr service,
- As there is no password in the process, no one can ask you to "spell" the cryptographic key to use it somewhere else
Our technology eliminates the most common and critical attack types platforms can have
Zero risk does not exist, but we can get close to it by removing most common and use scenarios.