Managed.IT - issue56

26 MANAGED.IT 01732 759725 SECURITY Fear of data breaches and the threat of huge fines from the Information Commissioner’s Office (ICO) have spread terror among directors since the inception of GDPR in May 2018, made worse by the fact that the online security industry appears unable to stem the constant flow of headline- grabbing hacks and data breaches. Could a new UK invention from UK start-up Cloud-pin Ltd be the solution? Shayype is designed to do what two-factor authentication does – provide users with security- boosting ‘one-time’ passcodes (OTPs) for logging into systems or authorising an action – but without the need to set up complex phone-based processes or use inconvenient hardware. Instead, users choose a pattern or shape made up of a number of squares (typically seven) on a numbered grid, the pattern and position of which they will need to memorise for all future log-ins. Each square within the grid contains a number that changes with every transaction. To log-in securely, the user just enters the numbers that appear in the squares that make up their chosen shape. Shayype can be used instead of passwords for individual applications or as a ‘wrapper’ around existing password-protected systems, offering additional security via cloud-based ‘remote authentication’, plus the security and convenience of single sign-on. To find out more, Technology Reseller spoke to Shayype’s inventors Cloud-pin Technical Director Jon Beal (JB) and Cloud-pin Chairman Jonathan Craymer (JC). ManagedIT (MIT) : What’s wrong with traditional passwords? JC: Traditional passwords were once thought to be secure enough to keep hackers out. It was argued it would take even the best computers years to reverse engineer ‘strong’ passwords. But modern technology designed to ‘crack’ the most complex passwords in fractions of a second, viruses or malware able to capture everything users type, as well as sophisticated methods designed to fool users into giving up their passwords have seriously downgraded the use of fixed ID codes as a security measure. The real problem is that you never know when a password has fallen into the wrong hands, so while you’re sleeping at night a hacker could be coming and going, all the while appearing to be you. MIT : Why, then, are passwords still so widely used? JC: This is a slightly tricky one to answer. The response we prefer is that, until now, no-one has demonstrated that there’s something better! Also, a lot of people still see passwords as ‘free’, whereas they’re anything but free if they allow hackers to get in. Data breaches may cost enterprises millions in terms of reputational damage, loss of customers and potentially Is Shayype the future of authentication? ManagedIT finds out more from inventors Jon Beal and Jonathan Craymer The Shayype of things to come huge fines from the Information Commissioner. These may be survivable by larger firms but could wipe out smaller companies. MIT : What is Shayype’s approach and why is it potentially more secure? JB: We could see a long time ago that passwords weren’t secure enough and couldn’t understand why the tech giants that had created our digital world weren’t able to come up with anything better. Instead, they turned on the password, blaming it for many of our cyber ills. Meanwhile, product vendors announced they had the answer with a dazzling array of hardware-based ‘two factor’ systems using key fobs, phones, USB plug-in or Bluetooth ‘keys’, as well as various biometric systems based on users’ personal characteristics, such as fingerprints, face shapes or voice recognition. All of these have flaws – the main one being that they can all be stolen. Clearly, what was needed was a better ‘mentally held secret’ – something you know, which is secure, easy to use and never exposed. So, we created Shayype, offering the simplicity of passwords with the strength of two-factor but without the need for extra hardware. MIT : What are the benefits of Shayype compared to other password alternatives – and why might it be a more successful replacement? JC: The problem with passwords is that hackers can so easily get hold of and re-use them. But all the alternatives have flaws too. A phone or key-fob can be stolen. In fact, as Jon says, everything we currently use to authenticate ourselves, including our fingerprints, someone can now walk off with! Chinese technicians showed last Autumn at a conference in Jonathan Craymer (l) and Jon Beal (r)

RkJQdWJsaXNoZXIy NDUxNDM=