Shayype™ is designed to offer a perfect new authentication element/ingredient, with all the simplicity and portability of passwords (no devices to carry, not even a phone), with the strength of OTP-based two-factor.

Traditionally users have had to employ either passwords, some kind of device-based two-factor or biometrics (which we have grave reservations about). (Our research shows most businesses are crying out for a better option than the passwords-or-2fa conundrum!)

However, with Shayype users are presented with OTPs on the screen of whatever devices they’re using – even if they’re not their own (ATM, borrowed machine, web-café, kiosk etc) in a form only they can recognise. The OTPs are concealed in a 5x7 (default size) grid with single digit numbers in each cell, which they “read” using a pre-set secret pattern or shape (e.g. an L-shape, tick etc). NB Shayype can also be used in app form on separate devices.

This means Shayype is:-

  • Easier to use & recall
  • Shoulder-surfing proof
  • A universal authentication tool (user can authenticate or prove “ownership” of an account without any devices, documentation or personal information coming into play)
  • Easily re-set (unlike biometrics)
  • Codes can be generated for a variety of purposes
  • Increases user control over login security (codes are single use and change every time)
  • Allows users to authenticate without giving anything at all away (most of today’s systems create further potential GDPR problems by asking for additional attributes like mobile numbers etc)
  • Linked to reputable KYC services (Experian, Equifax, Gov.Verify etc) these could “vouch” for users including attributes such as age etc. (KYC services could do an initial 30-minute interview with big data etc just once – and thereafter this level of strong authentication could be “turned on” with a Shayype OTP)
  • Ideal for systems like cloud, blockchain, or even BBC “Box”
  • Blocks could contain a user’s biometric and private key – securely “fronted” by a Shayype OTP
  • Cards could have online “chip & PIN”.

How secure is it? Shayype’s patent applied-for back end uses a new version of Shamir’s Secret Sharing, fragmenting the user token, meaning that even if a hacker were to break in, he/she would not find anything useful (compare this to key-fobs requiring global databases of keys). And our front-end offers four versions designed to offer extreme security – including Shayype Evade which defeats filming/screen-scraping and algorithms designed to work out users’ patterns, as well as Shayype Swipe designed for secure phone use (no code generated – instead user proves ownership of pattern secret on the screen using finger swipes).