You might attend one of the large cyber security trade shows or a national conference on defeating hackers and keeping your company's data safe, and emerge thinking "hackers don't have a chance of getting in". And then you see yet another headline on yet another big data breach, and reality kicks in. We're far from winning you think. But wait, there's a new technology in town, which has the ability to start levelling the playing field.
If a set of technologies clearly don’t work well, should you blindly keep on using them? That’s the question we asked ourselves several years ago when looking at today’s inadequate authentication systems and products. We could see that all of them suffered from major flaws. Perhaps the biggest is that they all require users to give up something valuable - like a mobile number or fingerprint (to name just two) - which can ALL be stolen.That’s worth repeating. Virtually all current authentication systems depend on user secrets or objects which can be stolen, rendering them weak and vulnerable. So we set out a number of years ago (around 2005) to create something where the user’s all-important “secret” could not be stolen, is never exposed, only resides in the user’s head, and does not depend on users having to carry extra bits of plastic (including phones) to prove who they are. Shayype technology we believe is the first real advance in cyber security for decades. Now users can enjoy the convenience of passwords, with the strength of 2FA - without the clutter and cost of having to use extra devices. Not even phones! Shayype displays a different code (a one-time passcode or OTP) on the user’s screen, meaning it’s far more secure than say vulnerable “two-step” authentication systems where users are sent codes by text. These can so easily be diverted to hackers’ own phones simply by taking over a user’s mobile account. We also hope to save the world from the burden of having to use longer and “stronger” passwords, which just get harder to remember – so end up being written down or stored en masse. All that’s now inthe past. The future now looks more secure for all of us, as at last cyber security can (pardon the pun) Shayype up.
Jon is Technical Director of ShayypeLtd. and has been working in the field of systems and software engineeringsince 1989. After graduating from De Montfort University (Leicester) with aBEng (Hons) in electronic engineering, he joined Philips Communications andSecurity in Cambridge as a systems design engineer, creating large securitysystems for clients such as Manchester Airport (Terminal 2) and the Bank ofEngland. Since leaving Philips in 1996, Jon has undertaken software developmentroles for BT, Nokia, EDS, IBM and T-Mobile, specialising in softwaredevelopment using open source platforms and cutting-edge multi-media webapplications.
Jonathan is the founder of Shayype having pioneered pattern-based authentication in Europe as long ago as 2005. His background is in communications, media (both as print and broadcast journalist), public relations and conference organisation. In 2008 a company he set up to begin exploring the potential of device-less OTP authentication was awarded “Cool Vendor”status by Gartner, and in 2009 the same company won UKTI’s Franco-British Award for Innovation. Now as part of the Shayype team he hopes to save the world from the burden of passwords, replacing them with what is arguably the first new knowledge-based “factor” for use in human authentication in decades.
Patrick is responsible for marketing at Shayype and loves building and delivering world-class solutions for clients. He has spent over 10 years working in the tech transformation space, delivering solutions for some of the largest public and private sector organisations in the UK. Working in this space has enabled him to see a need for change in the way we authenticate ourselves and secure our data and finances. Being a key member of the Shayype team allows him to help clients do just this. Outside of work he is a happy family man who enjoys spending time with his loved ones. He is looking forward to changing the world.
Paul is responsible for commercial development at Shayype.He is an experienced corporate business builder, having led Companies acrossEMEA, including playing a key role at FedEx, where he created a newdivision to focus on e-commerce activity to address the new needs of thedigital age. For the past 10 years he has been a hands-on Investor,helping early stage tech businesses across multiple sectors start and scaletheir operations. Three companies he has supported have featured in the SundayTimes Fast Track 100 – and his goal is to add Shayype to that list, based onthe value the company will create for its customers.
Tor is responsible for techdevelopment at Shayype. His vast experience includes working in strategy, programme management, transformation and delivery of large-scale IT systems in banking, financial services, regulation, insurance and government. Tor believes successful IT operations and change programmes stem from a clearly-defined IT strategy, and that an holistic approach is needed to ensure any IT organisation delivers added value and business benefits through rationalisation and consolidation across the IT estate.
HOW CAN WE HELP?
Your security is vital. In today's world, we need a better way to prove who we are, when we can no longer see who we're dealing with. Some people (including UK Defence Minister Ben Wallace, have even described the online world as a “Wild West”. The tech giants who created our online world should have created a better way for all of us to prove who we are. Shayype is that system, allowing users far more control and security when online.
You’ll be able to re-set your pattern securely. (Talk to us directly to find out how user security is maintained.)
We’d say it’s far easier to remember a pattern. Our brains are hard-wired to recognise shapes like faces - far more so than horrendous hard-to-recall sets of characters. One of the brilliant things about Shayype is that it allows users to set up something extremely complex – a secret that’s really hard to guess – extremely easily!
Shayype is the ideal answer. Users will be armed with something that’s as simple (some would say simpler!) as passwords – a mentally-held pattern or shape – which has all the effect and strength of two-factor as it ‘generates’ one-time passcodes. And all without having to carry any additional hardware, even a phone.
Shayype works on any device you’re currently using provided it has a screen. So literally anything from computers and tablets to ATMs and door locks. All you need with you is your Shayype secret pattern.
Yes. Compared to existing systems such as MS Active Directory where encrypted passwords are stored, the Shayype system offers far higher security as users' secret patterns are not actually stored in their original form.
Typically, you’d be directed (perhaps via an email link) to a webpage containing a ‘blank’ grid. You then just click on a few dots to create a secret pattern or shape (guided by a neat ‘strength’ meter). The system then suggests you try out your pattern by seeing a dummy ‘real’ grid and reading off numbers. If you can do that OK, the system will ask if you want to save your pattern, and you’re done. It’s as simple as that.
Certainly. We will be able to offer an SDK (software developers’ kit) and our existing API library will adapt to any system.
Certainly. Shayype is a new ingredient in the security ‘mix’, able in theory to replace all fixed user-ID codes including PINs (personal identification numbers) as well as much of the hardware (sleeve-readers, key-fobs, cards). It could therefore replace or enable updating of, most of the systems currently in use. For instance, credit and debit cards could work with Shayype OTPs instead of fixed PINs, enabling them to be used securely online; vulnerable fixed passwords used in web-banking (albeit only exposed in parts – but still vulnerable) could be replaced. Etc.
Absolutely. Users of Shayype combined with most of the state-of-the-art IAM packages on the market allow users to authenticate just once rather than having to do it again each time they want to use individual applications. This means that your applications don't have to deal with login forms, authenticating users, and storing users – which hugely raises security (as there are no longer multiple places where possibly ‘shared’ passwords are stored). Once logged-in to an IAM via Shayype, users won't have to log in again to access a different application.