BastionZero, a company that specializes in zero-trust database security solutions has launched SplitCert, a new platform that provides password-free authentication access to databases. The platform uses Mutual TLS (mTLS) and cryptographic multi-party computation (MPC) to provide certificate-based authentication for popular, self-hosted Postgres and MongoDB databases.
SplitCert generates one-time mTLS client certificates from two key “shards” stored in two independent locations. Cryptographic MPC is then used to create one-time mTLS client certificates from the two independently stored shards. By storing the shards in separate locations, SplitCert eliminates the single point of compromise associated with the storage and maintenance of database passwords.
The platform is invisible to end-users and supports database access via popular existing database clients and workflows. Additionally, BastionZero’s new desktop app includes passwordless access support for Google Cloud Platform (GCP) cloud SQL and Amazon Web Services (AWS) RDS, along with password-free support for Microsoft Windows servers with Remote Desktop Protocol (RDP).
Passwords are a major security headache for businesses with weak and reused passwords often prevalent among employees who struggle to maintain and remember unique logins across vast numbers of accounts. Passwords are involved in 81% of all hacking breaches, and inherent usability problems make passwords difficult for users to manage safely.
With SplitCert, BastionZero leverages modern cryptographic techniques to ensure that businesses do not need to trust anyone with their database credentials, not even the vendor itself. According to Sharon Goldberg, PhD, CEO and co-founder of BastionZero, SplitCert eliminates single points of compromise associated with the storage and maintenance of database passwords, making it a healthy alternative to traditional passwords.
Passkeys are a kind of passwordless authentication that is seeing increasing attention and adoption by organizations and the technology sector seeking more secure, reliable sign-in alternatives. According to a report by CSO, Google is rolling out support for passkeys across Google accounts on all major platforms. Last month, the FIDO Alliance also released new user experience guidelines to help accelerate the deployment and adoption of passkeys.
The launch of SplitCert by BastionZero is a move in the right direction for businesses hoping to secure their database access without relying on passwords. In an era where cybersecurity remains a serious concern for businesses around the world, BastionZero’s platform could help improve data protection while eliminating multiple points of compromise associated with insecure passwords.