If you’re looking for a sure-fire way to keep your documents safe, then you’re bound to have explored document encryption as a solution. But this will inevitably have led you to more choices: Is PKI encryption the true route to document security? Will a password do instead?

Today, we look at this complex issue for you.

Is a Password or PKI Better for Document Security?

Passwords have recently suffered a lot in the eyes of the public, and with reason too. Short passwords are never a good idea, yet the difficulty of remembering longer passwords means that people fall into two traps: writing the password down (leaving it vulnerable to theft and misuse) or trying to make it personally meaningful (which makes it easy to guess or to crack with a dictionary-type attack).

The issue is clearly not with a password format per se, but rather with the human behind it. We’re simply not good at properly employing passwords in a way that would make them actually secure, as that also makes them difficult to remember and use.

That’s where PKI shines. In effect, the key is a very long and random “password” and thus almost uncrackable, and no human has to remember it or even access it. Users instead rely on their credentials and keys to use the system. Unsurprisingly, this gives it massive support from many sides, all claiming it is far more fail-proof than passwords.

Is Cryptography the Protection, While Humans Are the Weakness?

Again, they’re right, unless the user gives away the PKI credentials (i.e. their private keys). In a world where some people will happily tell others their PINs and then hand over their ATM cards too, can you really be so certain that won’t happen to you? The second someone with dubious morals gets hold of those credentials, the benefits of PKI fall away, all without the need to actually break the code.

Unfortunately, it’s happened before. A hack led to false PKI certificates being issued, even for mega brands like Skype, Mozilla, and Microsoft. Once the hackers obtained these, they had free license to masquerade as the organizations, creating more and more fake keys without having to actually crack the cryptography.

So, What’s the Solution to Document Security?

The answer lies in protecting your PKI technology, allowing it to do its job, and identifying users without directly handing them the credentials that allow vulnerabilities to creep in. That’s exactly what DRM software can help you with.

DRM software makes sure that the credentials are hidden in a non-transferable encrypted wallet. This helps you avoid the greatest weaknesses of passwords and PKI. In other words, there’s no password to leak and no credentials that can be shared (either willingly or unwillingly) by the users.

Creating a fake customer record in your system would also be near impossible (and too time consuming) for potential hackers: rather than simply exploiting a vulnerability, they would have to break almost all of your system components (online and offline). And you’ll know long in advance if you’re under such an attack.

Passwords only offer a false sense of security at best. PKI is the way to go to ensure safe and secure document encryption, but only if you also take steps to stop it being exploited due to the inevitable human weakness in the system.

So, which one do you find the most secure?

Published by Kaushal Shah