Change had to come

You might attend one of the large cyber security trade shows or a national conference on defeating hackers and keeping your company's data safe, and emerge thinking "hackers don't have a chance of getting in". And then you see yet another headline on yet another big data breach, and reality kicks in. We're far from winning you think. But wait, there's a new technology in town, which has the ability to start levelling the playing field.

Our story

The Shayype of things to come

If a set of technologies clearly don’t work well, should you blindly keep on using them? That’s the question we asked ourselves several years ago when looking at today’s inadequate authentication systems and products. We could see that all of them suffered from major flaws. Perhaps the biggest is that they all require users to give up something valuable - like a mobile number or fingerprint (to name just two) - which can ALL be stolen.That’s worth repeating. Virtually all current authentication systems depend on user secrets or objects which can be stolen, rendering them weak and vulnerable. So we set out a number of years ago (around 2005) to create something where the user’s all-important  “secret” could not be stolen, is never exposed, only resides in the user’s head, and does not depend on users having to carry extra bits of plastic (including phones) to prove who they are. Shayype technology we believe is the first real advance in cyber security for decades. Now users can enjoy the convenience of passwords, with the strength of 2FA - without the clutter and cost of having to use extra devices. Not even phones! Shayype displays a different code (a one-time passcode or OTP) on the user’s screen, meaning it’s far more secure than say vulnerable “two-step” authentication systems where users are sent codes by text. These can so easily be diverted to hackers’ own phones simply by taking over a user’s mobile account. We also hope to save the world from the burden of having to use longer and “stronger” passwords, which just get harder to remember – so end up being written down or stored en masse. All that’s now inthe past. The future now looks more secure for all of us, as at last cyber security can (pardon the pun) Shayype up.

Meet our team.

Jackson is a CTO with 18 years’ experience in software and app development. He has successfully completed projects that saved companies £800k annually and contributed to the sale of a business for £3.5 million supported by technology he helped create.

Jackson Howell

Chief Technology Officer

John has long been a pioneer in FinTech and the Digital Trust model for internet transactions, having helped to found Barclays’ original Information security management team, and in 2000 helping to set up IdenTrust - a global bank joint venture. He is now heavily involved in the development of distributed ledger technology in fintech.

John Bullard

DIRECTOR

Jonathan is the founder of Shayype having pioneered pattern-based authentication in Europe as long ago as 2005. His background is in communications, media (both as print and broadcast journalist), public relations and conference organisation. In 2008 a company he set up to begin exploring the potential of device-less OTP authentication was awarded “Cool Vendor”status by Gartner, and in 2009 the same company won UKTI’s Franco-British Award for Innovation. Now as part of the Shayype team he hopes to save the world from the burden of passwords, replacing them with what is arguably the first new knowledge-based “factor” for use in human authentication in decades.

Jonathan Craymer

president & Founder

Ready to implement password-free seamless authentication?

get in touch

HOW CAN WE HELP?

Frequently Asked Questions

We’re a bank, concerned about raising security for users. Can Shayype help us?

Certainly. Shayype is a new ingredient in the security ‘mix’, able in theory to replace all fixed user-ID codes including PINs (personal identification numbers) as well as much of the hardware (sleeve-readers, key-fobs, cards). It could therefore replace or enable updating of, most of the systems currently in use. For instance, credit and debit cards could work with Shayype OTPs instead of fixed PINs, enabling them to be used securely online; vulnerable fixed passwords used in web-banking (albeit only exposed in parts – but still vulnerable) could be replaced. Etc.

Is this the same as the ‘Android swipe’ screen-lock I’ve seen on Android devices?

No – it’s very different – for several reasons. Shayype allows users to extract or ‘generate’ one-time codes (passcodes) which can either be input or used for other purposes (securely reading a one-time login code over the phone, or giving a credit/debit card one-time ‘PIN’ to a carer or shop-assistant being two examples. Also the Android swipe can be shoulder-surfed, isn’t very variable, and may even leave a greasy mark (with Shayype the user never touches the screen).

How does Shayype’s 'entropy' (resistance to lucky guesses) compare to key-fobs? And will it save enterprises used to traditional 2FA money?

Shayype’s entropy is mathematically superior to standard 6-character key-fob tokens, and as it is hardware-less, software-driven, and works on any device with a display (as well as in hard-copy form) it also promises massive cost-savings.

How many possible patterns are there? Surely there can’t be that many on a simple 5x7 matrix?

There are over 33bn on a 5x7 – which is our ‘everyday’ or default size matrix. Increase the size of the matrix, and security goes up exponentially.

We’re an SME with high net-worth users. We want them to be able to access our online portal, to download documents etc. However, password security appears to be ‘broken’ and our users don’t like the complexity of two-factor or biometrics. How can Shayype help?

Shayype is the ideal answer. Users will be armed with something that’s as simple (some would say simpler!) as passwords – a mentally-held pattern or shape – which has all the effect and strength of two-factor as it ‘generates’ one-time passcodes. And all without having to carry any additional hardware, even a phone.

How exactly are Shayype user’s patterns stored that’s so secure?

The patterns are used to create database keys in conjunction with an exclusive secret-sharing algorithm, offering many more levels of difficulty to hackers.

Some versions of Shayype are powered by an Identity and Access Management (IAM) package called Keycloak?

Yes. There are other so-called IaM packages available, but we came across Keycloak (created by Red Hat, now part of IBM) and could see it was excellent and would allow us to offer off-the-shelf versions of Shayype to enterprises and other types of organisation. We refer to the combined solution as Shayype Keycloak.

Do I touch the screen when using Shayype?

No. That would betray your secret pattern. You just read off the numbers and input them on a separate keypad (on the device or using a stand-alone one on-screen). One of the strengths of Shayype is that it’s practically impossible for someone watching you to work what your pattern is – as there are at least seven of each digit. Which ‘5’ did you use, which ‘4’ etc.

What if someone is filming me, or has put screen-scraping and key-logging software on my device?

If there’s a risk of you being overlooked or recorded, there are two additional versions of Shayype (‘Evade’ and ‘Swipe’) designed to defeat such threats. Talk to us directly about those.

Is a secret pattern or shape as easy to remember as a password?

We’d say it’s far easier to remember a pattern. Our brains are hard-wired to recognise shapes like faces - far more so than horrendous hard-to-recall sets of characters. One of the brilliant things about Shayype is that it allows users to set up something extremely complex – a secret that’s really hard to guess – extremely easily!