Could a little Sudoku-like matrix full of random numbers, combined with an innovative business model, rescue us from increasingly broken passwords? pin+ think so. They exhibited at Information Security Europe with a refined matrix pattern authentication, creating a system capable of delivering one-time codes without additional hardware – in a way that works with the brain, instead of against it.
The result is they say an intuitive login system with the potential to replace passwords, PINs and combinations the firm claims.
The idea of decrypting a block or matrix of random digits using a pre-chosen set of squares is not new.
“As we approach the InfoSec Show in London and attention once again turns to the latest authentication technologies, our message is that the world needs a more secure mentally-held secret with all the positives that passwords offer, but without any of the down-sides,” says Jonathan Craymer, chairman of pin+.
“It amazes us that the world got so far in creating an online infrastructure, without asking what we’d do when the password as a security concept was truly broken. Now the password is no longer fit for purpose, it’s time to adopt a better system which is both easier to use, and more secure – and we think pin+ is it.”
pin+ has created a standardised front end designed to offer users familiarity and comfort. This means that when both soft and hard two-factor systems are created by partners, users will find that both work in the same intuitive, simple way.Soft 2FA versions will be deliverable via users’ browsers, making solutions it’s claimed useful for applications such as web-banking, e-Commerce or e-Government access.
The hard versions will be applicable to more conventional corporate or financial institution 2FA use, employing apps on phones, tablets and even PCs/laptops.
“There are several great things about this new concept. Working with multiple partners instead of trying to create an end-to-end solution ourselves offers huge potential scalability. We believe pin+ at last offers the potential to be deployed worldwide, and working through partners will aid that proliferation,” added Craymer.
“Also we’re positioning pin+ as a handy new ‘ingredient’ for the IaM industry to use, adding extra layers where necessary to things like hard or soft tokens. This won’t displace existing technologies – instead it will make them work better. A good example is SMS tokens where OTPs are often presented in a rather too-obvious form – something a hacker could take advantage of. But using the pin+ interface to deliver the OTP in a way the hacker can’t read would make the system much harder to attack.
“We also think this is the perfect match for the host of applications being created for mobiles, including shopping and banking etc. Use of a fixed four (or even five!) –digit PIN on a phone when surrounded by others could open up numerous opportunities for criminals – but a one-time code which only the proper user can create, would hugely increase security.”
