You may not have heard of Cloudflare much, but you’ve definitely heard of CATPCHA. Yes, those annoying little tests you have to pass whenever you have to login to a new website, submit some form, or even book a vaccine appointment. Well, if Cloudflare has its way then the days of having to pick photos that show buses, or write down text that’s hard to read may be done. The company has created a new system that aims to replace CAPTCHA with a hardware based system that depends on USB security keys, something that many security experts prefer over any software-based system.
Cloudflare calls its system Cryptographic Attestation of Personhood (let’s say CAP), and says it will bring down verification for logins to at most 5 seconds and three mouse clicks. “The short version is that your device has an embedded secure module containing a unique secret sealed by your manufacturer. The security module is capable of proving it owns such a secret without revealing it. Cloudflare asks you for proof and checks that your manufacturer is legitimate,” the company said in a blog post.
Using USB security keys for authentication isn’t particularly a new thing right now. However, it’s usually reserved for specialised use cases, like in security companies, government and more. Essentially, hardware-based systems like these are seen as important only for the most sensitive data at the moment, and the mere fact that these USB keys do cost a bit of money, could mean they’ll remain that way.
However, an example website from Cloudflare also shows that the system can use fingerprint type systems built into devices right now. That, of course, makes the system easier to bring to the mainstream and more accessible.
If you’re thinking Cloudflare is too unknown a company to bring about what is a huge change for the Internet, think again. The company owns 80% of the market share when it comes to content delivery networks (CDNs) across the Internet, meaning its footprint is spread nearly all over the Internet. Cloudflare is also known to be a pioneer in DDoS (Distributed Denial of Service) protection for websites, a system that makes it much more difficult to take down websites.
Thanks for reading till the end of this article. For more such informative and exclusive tech content, like our Facebook page