Using ‘cryptopasswords’ to discover data breaches
Grant Miller on a method for discovering data breaches instantly, before they are made public:
Recently, in a conversation with Rob Witoff (formerly on the security team at Coinbase, now at Google), we discussed the idea of replacing passwords with private keys that control public cryptocurrency wallets:
Experimenting by updating passwords on sites I frequent to Litecoin private keys w/ $100 on each. If anyone’s not handling their passwords properly I should find out soon. — robz (@rwitoff), January 18, 2018
[…] The bottom line is, if someone steals your cryptocurrency, you know. If someone steals your password, your SSN or any other PII for that matter, you are at the mercy of the custodial party to discover and disclose that to you.
Making passwords literally money is a genius idea and an elegant solution to a major trust problem.