What we’d like to do is change the world by giving everyone who uses large, public-facing websites (Facebook, Twitter, Google etc.) the chance to use hacker-resistant login/authorisation codes that change every time.
In our ideal new world:
- Website users will use a different (hacker resistant) code every time
- Websites themselves will be more secure from hacking
- Genuine call centres could identify themselves (as will users), establishing trust more easily
- Credit card and other accounts cannot be used without a one-time Shayype code
- Secure “Chip & PIN” will be possible for card users online or over the phone.
Why do we need something new – what’s wrong with passwords, PINs etc?
Computers aren’t very good at identifying human beings, so we have to use strings of letters, numbers and other characters to tell them who we are.
These so-called “passwords” once offered pretty good security, but due to increases in the power of password “cracking” software, as well as the rise of “malware” – which can allow hackers to read everything you type – that security has been eroded to the point where fixed passwords have become a liability. Worse than that, because getting hold of passwords is still the criminals’ favourite way in, such ID codes have become the hackers’ friend.
This erosion of password security is a problem which should have been fixed years ago (Bill Gates predicted passwords would disappear by 2004 – but they didn’t!).
Another way of looking at it is that we usually don’t have any choice in the matter. We are literally forced to identify ourselves in this increasingly clunky, insecure way. At the same time we risk being imitated (by criminals once they’ve got hold of our codes). And to make matters worse, we’re being told to make this process more and more complicated (changing passwords, increasing their complexity).
Meanwhile cybercrime overall continues to rise, and hackers seem able to do whatever they like (including more and more on the international stage, as evidenced by recent developments in the US and Russia). Going online today could be likened to entering a pitch black room full of criminals.
What has the computer industry done about all this?
The “information assurance” sector has done nothing to reduce the problem, apart from giving selected users “key fob tokens” (which have been around since 1977) or “soft tokens” on mobiles (under the heading of “two factor authentication”) for logging in to, say, corporate or banking sites/networks, leaving the rest of us out in the cold, continuing to use passwords.
You could argue that the advances they have made have only increased cost and further reduced convenience by insisting users carry yet more pieces of hardware (key-fob tokens, cards, card readers etc.).
Meanwhile “Biometrics” (our fingerprints, irises etc., once regarded as the panacea of authentication) aren’t the answer: if the databases holding the information are broken into, your digitised biometric would be impossible to re-set. Nor is the use of “big data” (recent transactions or which fridge we bought five years ago) to identify us, as the process can be extremely long-winded.
In truth, in our modern world we should be able to quickly and surely prove who we are anywhere in the world without anything on us: no documents, not even a phone. But we can’t.
What’s needed are login codes which change every time, without the need for extra equipment. And this is what Shayype does.
Instead of a fixed password, you use a secret pattern or shape on a little matrix of numbers; your pattern always remains the same, but the numbers change every time – so by applying the pattern you’re able to read off a new set of numbers – forming a unique login code each time.
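The pattern-on-a-grid idea described above, as an added sketch that is not Shayype's or Cloud-pin's own code: the grid size, the four-cell pattern, the digit alphabet and the `Verifier` class are all assumptions made for illustration.

```python
import hmac
import secrets

GRID_SIZE = 6  # assumption: the page only says "a little matrix of numbers"


def new_challenge(size=GRID_SIZE):
    """Server side: fill a size x size grid with fresh random digits."""
    return [[secrets.randbelow(10) for _ in range(size)] for _ in range(size)]


def read_code(grid, pattern):
    """User side: read the digits under the secret pattern, in order."""
    return "".join(str(grid[row][col]) for row, col in pattern)


class Verifier:
    """Hypothetical server: one stored pattern and one pending grid per user."""

    def __init__(self):
        self._patterns = {}
        self._pending = {}

    def enrol(self, user, pattern):
        self._patterns[user] = list(pattern)

    def issue(self, user):
        grid = new_challenge()
        self._pending[user] = grid  # replaces any older, unanswered grid
        return grid

    def verify(self, user, submitted):
        # pop() makes each grid single-use, so a replayed code finds no
        # pending challenge to be checked against.
        grid = self._pending.pop(user, None)
        if grid is None or user not in self._patterns:
            return False
        expected = read_code(grid, self._patterns[user])
        return hmac.compare_digest(expected.encode(), submitted.encode())


if __name__ == "__main__":
    secret_pattern = [(0, 0), (1, 1), (2, 2), (3, 3)]  # constructed sample
    server = Verifier()
    server.enrol("alice", secret_pattern)
    grid = server.issue("alice")
    code = read_code(grid, secret_pattern)
    print("first use:", server.verify("alice", code))
    print("replay:   ", server.verify("alice", code))
```

The pattern never leaves the user or the server; only the grid and the digits read from it cross the wire, and the server discards the grid after one attempt.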
What we need
At this point we just need people to try out Shayype and give us their views on it. Is it easy to use? Do they like the idea of using a different code every time (which, even if captured, is no use to a hacker)?
How can I help?
We’d just like you to register and try out our demo (which doesn’t at the moment log into anything – it’s just a demo).
Once you’ve registered we’d like you to log in at pre-set intervals (we’ll send you a suggested schedule by email). Then we’d like you to comment on how you got on. If you’ve got any other thoughts on the use of passwords, fingerprints, gizmos or anything else, we’d love to hear those too.
Obviously, before doing anything we need to make sure:
- No-one feels awkward or embarrassed
- Privacy/confidentiality is assured.
Who are we?
Cloud-pin Ltd – developer of Shayype – is a small Cambridgeshire-based company, consisting of just two people (Jonathan Craymer and Jon Beal).
We also have a high security version we’d then license to banks, companies, government users etc.
How secure is Shayype?
We have yet to get Shayype tested by the army of extremely clever security testers working in this field, but we believe we’ve created a “back end” which offers extremely high security, and which may well exceed anything currently “out there”.