Tackling Identity Theft through Decentralization with Locke Brown
Protecting your identity online is a huge challenge. Most of us have been affected by data breaches and leaks at companies and services where we have accounts and passwords. What if there was a better way to keep our digital identities safe? Locke Brown’s NuID rethinks the traditional password-based approach in favor of a decentralized, user-controlled solution.
Locke Brown grew up a freewheeling digital native in the early 2000s, with a family computer in the kitchen and a brick phone that he tethered to the internet to play faster video games. He soon racked up a four-digit, “very inappropriate phone bill” – an early indoctrination into the kinds of trouble you can get into online.
These were the internet’s heady “Wild West” days, when “people couldn't imagine putting credit card information online,” Brown recalls. “Now, we literally go online and ask a stranger to come pick us up and get in their car.”
Danger lurked. At Claremont McKenna, Brown was mining Bitcoin from his college dorm, and trading huge sums of crypto. He “learned the hard way about trusting an exchange or some other outside party to be the custodian of your private keys,” when he suddenly lost it all in the Mt. Gox collapse.
Brown multi-tasked, earning a bachelor’s in mathematics and economics and a master’s in finance, while interning at Google and serving a number of roles at Asia Pacific Investment Partners (APIP), an emerging markets Investment Management and Private Equity firm headquartered in Mongolia. He went on to join the trading desk at Bill Gates’ private investment office, BMGI, in 2014, where he later co-founded the blockchain working group. That’s when the concept of sovereign identity took hold, and the seed of his company was born.
Teaming up with Nolan Smith of Microsoft, the two founded NuID, a blockchain-based digital identity company that provides users with a better way to manage their own online identities. IDs are secure and portable across platforms and services, so users no longer need to rely on outside parties to keep their personal data secure. Individuals have ultimate control over what and with whom anything is shared.
Identity security demands a solution. Most of us have been attacked. A LinkedIn data breach in 2021 involved 700 million profiles, or 92% of the total user base. Following a promise in 2018 to “better protect user information,” Facebook suffered a breach of 540 million user records in 2019. The notorious Equifax breach in 2017 compromised users’ Social Security numbers, birth dates, addresses, and in some cases driver license numbers and credit card information. Brown says 80% of hacking incidents are caused by weak or stolen credentials.
“It’s a self-perpetuating problem,” he says. In the traditional “hash-and-store” method of authentication, the user password is sent over the internet where the server parses it in plaintext. This means the server learns the password, and the platform bears the responsibility for safely storing that password. “They'll hash the password,” Brown explains, “and then save that in a database. First column: username. Second column: email. Third column: password.” This system exposes the data to vulnerability for several reasons: first, when passwords are sent to a server to be hashed, they can be easily intercepted and compromised. Second, passwords are often out there in the open to be nabbed by criminal hackers. Facebook, Google, and Twitter have all accidentally stored plaintext passwords in unsecured log files.
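The hash-and-store flow described above, as an added Python sketch (not NuID's code or anything from the whitepaper; the field names, PBKDF2 parameters and sample request are assumptions constructed for illustration). It shows the server handling the plaintext password before hashing it, and how a logger that dumps the whole request body writes that plaintext out unless the field is redacted.

```python
import hashlib
import hmac
import json
import os

SENSITIVE_FIELDS = {"password"}  # assumption: field names of this demo API
ITERATIONS = 600_000             # assumption: PBKDF2-HMAC-SHA256 work factor
users = {}                       # username -> (email, salt, password_hash)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(request: dict) -> None:
    # Hash-and-store: the server parses the plaintext password here,
    # then keeps only a salted hash in the "third column".
    salt = os.urandom(16)
    users[request["username"]] = (
        request["email"], salt, hash_password(request["password"], salt))


def login(request: dict) -> bool:
    record = users.get(request["username"])
    if record is None:
        return False
    _, salt, stored = record
    # Constant-time comparison of the stored and recomputed hashes.
    return hmac.compare_digest(stored, hash_password(request["password"], salt))


def log_request_naive(request: dict) -> str:
    # Failure mode: logging the whole body puts the plaintext password in the log.
    return json.dumps(request)


def log_request_redacted(request: dict) -> str:
    # Mitigation: scrub sensitive fields before the line is ever written.
    safe = {k: "[REDACTED]" if k in SENSITIVE_FIELDS else v
            for k, v in request.items()}
    return json.dumps(safe)


# Constructed sample request, not real data.
SAMPLE = {"username": "alice", "email": "alice@example.com",
          "password": "correct horse battery staple"}

if __name__ == "__main__":
    register(SAMPLE)
    print("login ok:", login(SAMPLE))
    print("naive log:   ", log_request_naive(SAMPLE))
    print("redacted log:", log_request_redacted(SAMPLE))
```

Even with the redacting logger, the server still sees the password on every login, which is the property the hash-and-store model cannot remove.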
Handing the controls to the user adds an extra benefit beyond enhanced security – it absolves companies of responsibility. With over $4 million in funding, NuID is partnering with enterprise clients wanting to reduce their own liability to hacks or data breaches.
This prevents companies from being on the hook for damages or regulatory non-compliance penalties, not to mention the costs of cleaning up a damaged reputation.
Authentication-as-a-Service is a growing trend, and NuID faces some competition. What may set Brown’s company apart, however, is his blockchain-based decentralized approach, which eliminates the need for centralized password storage.
Innovation is all about failing forward. Embracing mistakes in order to learn from and route around them. And Locke Brown’s early mistakes are now coming home to roost with the solution to sovereign online identity.
Want to know more? Read the NuID whitepaper.