Why do we need to upgrade online security?


Your security is vital. In today's world, we need a better way to prove who we are, when we can no longer see who we're dealing with. Some people (including UK Defence Minister Ben Wallace) have even described the online world as a “Wild West”. The tech giants who created our online world should have created a better way for all of us to prove who we are. Shayype is that system, allowing users far more control and security when online.

Why is Shayype better than passwords and password ‘upgrades’ like two factor?


Shayype is an entirely hardware-less system designed to provide users of online or remote systems with different login codes every time they need to be authenticated or prove their ‘right’ to perform an action, neatly combining the convenience of passwords with the strength of key-fobs’ one-time codes. There’s no additional hardware required and no complicated password to remember - just a memorable pattern. So, it’s as simple and portable as passwords, but with the strength of two factor.

Do I touch the screen when using Shayype?


No. That would betray your secret pattern. You just read off the numbers and input them on a separate keypad (on the device or using a stand-alone one on-screen). One of the strengths of Shayype is that it’s practically impossible for someone watching you to work out what your pattern is – as there are at least seven of each digit. Which ‘5’ did you use, which ‘4’, etc.?

What if someone is filming me, or has put screen-scraping and key-logging software on my device?


If there’s a risk of you being overlooked or recorded, there are two additional versions of Shayype (‘Evade’ and ‘Swipe’) designed to defeat such threats. Talk to us directly about those.

How many possible patterns are there? Surely there can’t be that many on a simple 5x7 matrix?


There are over 33bn on a 5x7 – which is our ‘everyday’ or default size matrix. Increase the size of the matrix, and security goes up exponentially.

Why is Shayype more convenient to use than two-factor?


Shayype works on any device you’re currently using provided it has a screen. So literally anything from computers and tablets to ATMs and door locks. All you need with you is your Shayype secret pattern.

What exactly is ‘pattern-based’ authentication?


Instead of vulnerable fixed strings of characters, users are armed with secret patterns or shapes which, when applied to small grids (typically 5x7) populated with random, frequently repeated single digits, neatly and elegantly provide users with new ‘one-time’ codes for each transaction, while resisting threats such as shoulder-surfing.
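The challenge-and-read-off flow described above, as an added sketch that is not Shayype's own code. The five-digit alphabet (five symbols, seven copies each, filling the 35 cells), the pattern model (an ordered sequence of distinct cells) and all function names are assumptions made for illustration.

```python
import hmac
import math
import secrets

ROWS, COLS = 5, 7      # the default matrix size named on this page
DIGITS = "12345"       # assumption: five symbols x seven copies fill the 35 cells
COPIES = ROWS * COLS // len(DIGITS)

def new_grid():
    """Fresh challenge grid: each digit exactly seven times, CSPRNG-shuffled."""
    cells = list(DIGITS * COPIES)
    for i in range(len(cells) - 1, 0, -1):      # Fisher-Yates shuffle
        j = secrets.randbelow(i + 1)
        cells[i], cells[j] = cells[j], cells[i]
    return [cells[r * COLS:(r + 1) * COLS] for r in range(ROWS)]

def read_code(grid, pattern):
    """The user's mental step: read the digits under the secret cells, in order."""
    return "".join(grid[r][c] for r, c in pattern)

def verify(grid, pattern, submitted):
    """Verifier's step: recompute the code for this grid, compare in constant time."""
    return hmac.compare_digest(read_code(grid, pattern), submitted)

def patterns_matching(code):
    """Cell sequences (no cell reused) that produce `code` on a grid holding
    seven of each digit: what a single view of grid plus code leaves open."""
    seen, total = {}, 1
    for d in code:
        total *= COPIES - seen.get(d, 0)        # copies of d not already used
        seen[d] = seen.get(d, 0) + 1
    return total

def pattern_space(length):
    """Ordered patterns of `length` distinct cells (the assumed pattern model)."""
    return math.perm(ROWS * COLS, length)

if __name__ == "__main__":
    secret = [(0, 0), (1, 1), (2, 2), (3, 3)]   # constructed sample pattern
    for _ in range(3):                          # new grid, so a new code per login
        grid = new_grid()
        code = read_code(grid, secret)
        print(code, verify(grid, secret, code), patterns_matching(code))
    print(pattern_space(7))
```

Under this assumed model, the size of the pattern space depends on the pattern length passed to `pattern_space`; the page itself does not state a length.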

Is a secret pattern or shape as easy to remember as a password?


We’d say it’s far easier to remember a pattern. Our brains are hard-wired to recognise shapes like faces - far more so than horrendous hard-to-recall sets of characters. One of the brilliant things about Shayype is that it allows users to set up something extremely complex – a secret that’s really hard to guess – extremely easily!

Is this the same as the ‘Android swipe’ screen-lock I’ve seen on Android devices?


No – it’s very different – for several reasons. Shayype allows users to extract or ‘generate’ one-time codes (passcodes) which can either be input or used for other purposes (securely reading a one-time login code over the phone, or giving a credit/debit card one-time ‘PIN’ to a carer or shop-assistant, being two examples). Also, the Android swipe can be shoulder-surfed, isn’t very variable, and may even leave a greasy mark (with Shayype the user never touches the screen).

How do I get set up with Shayype and register my secret pattern before using it for the first time?


Typically, you’d be directed (perhaps via an email link) to a webpage containing a ‘blank’ grid. You then just click on a few dots to create a secret pattern or shape (guided by a neat ‘strength’ meter). The system then suggests you try out your pattern by seeing a dummy ‘real’ grid and reading off numbers. If you can do that OK, the system will ask if you want to save your pattern, and you’re done. It’s as simple as that.

If I forget my pattern, what do I do?


You’ll be able to re-set your pattern securely. (Talk to us directly to find out how user security is maintained.)

Can I have several patterns?


Yes. Like having multiple passwords, you can have more than one pattern. However (although this is up to individual users) you may decide having just one, or even two, patterns is enough.

I understand security is raised because my pattern will never be stored in its original form?


Yes. Compared to existing systems such as MS Active Directory where encrypted passwords are stored, the Shayype system offers far higher security as users' secret patterns are not actually stored in their original form.

How exactly are Shayype users’ patterns stored so securely?


The patterns are used to create database keys in conjunction with an exclusive secret-sharing algorithm, offering many more levels of difficulty to hackers.

How does Shayype’s 'entropy' (resistance to lucky guesses) compare to key-fobs? And will it save enterprises used to traditional 2FA money?


Shayype’s entropy is mathematically superior to standard 6-character key-fob tokens, and as it is hardware-less, software-driven, and works on any device with a display (as well as in hard-copy form) it also promises massive cost-savings.

Some versions of Shayype are powered by an Identity and Access Management (IAM) package called Keycloak?


Yes. There are other so-called IAM packages available, but we came across Keycloak (created by Red Hat, now part of IBM) and could see it was excellent and would allow us to offer off-the-shelf versions of Shayype to enterprises and other types of organisation. We refer to the combined solution as Shayype Keycloak.

Is it possible to use Shayype on other IAM packages or existing/legacy systems?


Certainly. We will be able to offer an SDK (software developers’ kit) and our existing API library will adapt to any system.

Will Shayype Keycloak allow facilities such as single sign-on (SSO)?


Absolutely. Users of Shayype Keycloak authenticate just once rather than having to do it again each time they want to use individual applications. This means that your applications don't have to deal with login forms, authenticating users, and storing users – which hugely raises security (as there are no longer multiple places where possibly ‘shared’ passwords are stored). Once logged-in to Shayype Keycloak, users don't have to log in again to access a different application.

Does the same apply to logging out with Shayype Keycloak?


Yes. Shayype Keycloak provides single sign-out, which means users only have to log out once to be logged-out of all applications that use Shayype Keycloak.

Will Shayype work with other systems like biometrics?


Due to its flexibility, Shayype is an ideal ‘extra’ factor or ‘fallback’ system, which could operate if other systems have failed. For example, if a biometric system – such as a fingerprint reader – couldn’t operate due to several factors (e.g. user’s fingerprint has worn away) Shayype could still operate.

I’m an individual keen to use online facilities (e.g. Gmail or Google apps) in the most secure way possible. Will Shayype help me?


Yes. In fact, we want to build a system which will allow things like Google password and phone-based two-factor to be replaced by Shayype. Google Authenticator with its QR codes and phone-based OTPs clearly isn’t the answer most people want. The system has been around for approaching a decade, yet a year or so back one of the Google security engineers revealed that less than 10% of users have it. So, we’re aiming to build an alternative: whenever you need to authenticate, a Shayype matrix will pop up and you’ll just read off and input a securely delivered OTP to prove it’s you. We’re going to welcome support from people like you in exchange for getting hold of early versions. Watch this space.

We’re a bank, concerned about raising security for users. Can Shayype help us?


Certainly. Shayype is a new ingredient in the security ‘mix’, able in theory to replace all fixed user-ID codes including PINs (personal identification numbers) as well as much of the hardware (sleeve-readers, key-fobs, cards). It could therefore replace, or enable updating of, most of the systems currently in use. For instance, credit and debit cards could work with Shayype OTPs instead of fixed PINs, enabling them to be used securely online; vulnerable fixed passwords used in web-banking (albeit only exposed in parts – but still vulnerable) could be replaced; and so on.

We’re an SME with high net-worth users. We want them to be able to access our online portal, to download documents etc. However, password security appears to be ‘broken’ and our users don’t like the complexity of two-factor or biometrics. How can Shayype help?


Shayype is the ideal answer. Users will be armed with something that’s as simple (some would say simpler!) as passwords – a mentally-held pattern or shape – which has all the effect and strength of two-factor as it ‘generates’ one-time passcodes. And all without having to carry any additional hardware, even a phone.

We’re a large organisation, with millions of users. Will Shayype help us?


Yes. Shayype is highly scalable, so in theory huge numbers of users can be granted a one-time passcode facility. This means whole user/customer-bases could be provided with greater online security, or a city/town could do the same for its citizens.

Question not here?

Contact us at info@shayype.com or call +44 (0)843 320 9869.