_4Col.png)
You might attend one of the large cyber security trade shows or a national conference on defeating hackers and keeping your company's data safe, and emerge thinking "hackers don't have a chance of getting in". And then you see yet another headline on yet another big data breach, and reality kicks in. We're far from winning you think. But wait, there's a new technology in town, which has the ability to start levelling the playing field.
If a set of technologies clearly don’t work well, should you blindly keep on using them? That’s the question we asked ourselves several years ago when looking at today’s inadequate authentication systems and products. We could see that all of them suffered from major flaws. Perhaps the biggest is that they all require users to give up something valuable - like a mobile number or fingerprint (to name just two) - which can ALL be stolen.That’s worth repeating. Virtually all current authentication systems depend on user secrets or objects which can be stolen, rendering them weak and vulnerable. So we set out a number of years ago (around 2005) to create something where the user’s all-important “secret” could not be stolen, is never exposed, only resides in the user’s head, and does not depend on users having to carry extra bits of plastic (including phones) to prove who they are. Shayype technology we believe is the first real advance in cyber security for decades. Now users can enjoy the convenience of passwords, with the strength of 2FA - without the clutter and cost of having to use extra devices. Not even phones! Shayype displays a different code (a one-time passcode or OTP) on the user’s screen, meaning it’s far more secure than say vulnerable “two-step” authentication systems where users are sent codes by text. These can so easily be diverted to hackers’ own phones simply by taking over a user’s mobile account. We also hope to save the world from the burden of having to use longer and “stronger” passwords, which just get harder to remember – so end up being written down or stored en masse. All that’s now inthe past. The future now looks more secure for all of us, as at last cyber security can (pardon the pun) Shayype up.
Jackson is a CTO with 18 years’ experience in software and app development. He has successfully completed projects that saved companies £800k annually and contributed to the sale of a business for £3.5 million supported by technology he helped create.
John has long been a pioneer in FinTech and the Digital Trust model for internet transactions, having helped to found Barclays’ original Information security management team, and in 2000 helping to set up IdenTrust - a global bank joint venture. He is now heavily involved in the development of distributed ledger technology in fintech.
Jonathan is the founder of Shayype having pioneered pattern-based authentication in Europe as long ago as 2005. His background is in communications, media (both as print and broadcast journalist), public relations and conference organisation. In 2008 a company he set up to begin exploring the potential of device-less OTP authentication was awarded “Cool Vendor”status by Gartner, and in 2009 the same company won UKTI’s Franco-British Award for Innovation. Now as part of the Shayype team he hopes to save the world from the burden of passwords, replacing them with what is arguably the first new knowledge-based “factor” for use in human authentication in decades.
HOW CAN WE HELP?
No. That would betray your secret pattern. You just read off the numbers and input them on a separate keypad (on the device or using a stand-alone one on-screen). One of the strengths of Shayype is that it’s practically impossible for someone watching you to work what your pattern is – as there are at least seven of each digit. Which ‘5’ did you use, which ‘4’ etc.
Yes. In fact, we want to build a system which will allow things like Google password and phone-based two-factor to be replaced by Shayype. Google Authenticator with its QR codes and phone-based OTPs clearly isn’t the answer most people want. The system has been around for approaching a decade, yet a year or so back one of the Google security engineers revealed that less than 10% of users have it. So, we’re aiming to build an alternative: whenever you need to authenticate, a Shayype matrix will pop up and you’ll just read off and input a securely delivered OTP to prove it’s you. We’re going to welcome support from people like you in exchange for getting hold of early versions. Watch this space.
Absolutely. Users of Shayype combined with most of the state-of-the-art IAM packages on the market allow users to authenticate just once rather than having to do it again each time they want to use individual applications. This means that your applications don't have to deal with login forms, authenticating users, and storing users – which hugely raises security (as there are no longer multiple places where possibly ‘shared’ passwords are stored). Once logged-in to an IAM via Shayype, users won't have to log in again to access a different application.
Instead of vulnerable fixed strings of characters, users are armed with secret patterns or shapes, which when applied to small grids containing numbers (typically 5X7) populated with random (frequently repeated) single digits, neatly and elegantly provide users with new ‘one-time’ codes for each transaction, while resisting threats such as shoulder-surfing.
Shayype is an entirely hardware-less system designed to provide users of online or remote systems with different login codes every time they need to be authenticated or prove their ‘right’ to perform an action, neatly combining the convenience of passwords with the strength of key-fobs’ one-time codes. There’s no additional hardware required and no complicated password to remember - just a memorable pattern. So, it’s as simple and portable as passwords, but with the strength of two factor.
There are over 33bn on a 5x7 – which is our ‘everyday’ or default size matrix. Increase the size of the matrix, and security goes up exponentially.
Shayype’s entropy is mathematically superior to standard 6-character key-fob tokens, and as it is hardware-less, software-driven, and works on any device with a display (as well as in hard-copy form) it also promises massive cost-savings.
The patterns are used to create database keys in conjunction with an exclusive secret-sharing algorithm, offering many more levels of difficulty to hackers.
Yes. Shayype is highly scalable, so in theory huge numbers of users can be granted a one-time passcode facility. This means whole user/customer-bases could be provided with greater online security, or a city/town could do the same for its citizens.
Yes. Like having multiple passwords, you can have more than one pattern. However (although this is up to individual users) you may decide having just one, or even two, patterns is enough.