How to secure online services affordably for Internet Content Providers (ICPs) and end-users, which hardware tokens failed to do
A management team founded Keypasco, a team with more then 50 years of experience combined within security for e-banking. The company offers a new generation of multi-factor strong authentication solutions, based on software-based patent-pending technology that has been developed for Internet security and Keypasco offers its authentication services on the Cloud worldwide. The Keypasco solution covers today multiple platforms; PC, tablet, and smart phones. The target markets are; e-banking, e-commerce, online gaming, mobile payments, and e-government, etc.
Info Security PG: How has authentication evolved over the years?
Maw-Tsong Lin: The history of authentication has been long but found itself stuck on the combination of a username and password since the very beginning of the Internet era. Despite the impracticality of remembering strong passwords, this method remains the primary way to identify a user online. Some ICPs and users have a greater need for security and to protect privacy than what passwords can offer, and therefore are making alternate security methods a high priority.
Then came the 2 Factor Authentication (2FA) solutions, mainly with hardware tokens. But the 2FA tokens are mostly used within e-banking, and even if it has a higher level of security than relying on a username and password combination only a small percentage of banks use this solution. The cost of the administration, purchasing the hardware, the logistics and instructing users how to use the new system will result in a very large upfront investment, both in money and time. One significant limitation with the 2FA tokens is the update limitation when a higher level of security is needed. There are other software-based solutions available on the market today. But most of them are proven to not be secure enough.
There are other software-based solutions available on the market today. But most of them are proven to not be secure enough.
About Maw-Tsong Lin
Maw-Tsong Lin is the former founder of Todos AB and has more then 20 years of experience within e-banking security. Todos was a leading hardware-based token supplier for the e-banking industry. Gemalto acquired Todos in 2010. Maw-Tsong Lin came up with the new idea of secure software authentication and filed the patent application, this idea is now the base of the technology used in the Keypasco Authentication Solution.
Info Security PG: How risky is simple username and password combination for login? Why aren’t better authentication solutions being deployed everywhere?
Maw-Tsong Lin: Username and password is not secure at all due to the many threats online today, like; ID-theft, phishing, and key logging, etc.
The 2FA token solutions are mainly deployed within the financial sector, but it was deployed only by a minor part of the banks because of the high costs. Another reason is that once a token has been chosen, the security level is fixed against certain known threats. So when Man-in-the-Middle and Man-in-the-Browser attacks came, the deployed tokens were useless against those new threats.
Today Cloud-based services are available and with this development it brings a new aspect to the situation; where the ICPs don’t even know whom the user is and where he/she lives. So how can an ICP roll out a token to these users even if the ICP can afford to do so?
We believe a new revolutionary thinking, a paradigm shift, or a new ecosystem within the authentication industry is necessary to meet the demands of a sustainable and affordable online security, as well as the protection of privacy. We believe that the Keypasco solution will trigger this change.
Info Security PG: Is one ID access really possible considering numerous devices and formats people use these days?
Maw-Tsong Lin: It is theoretically possible. But because of many political and commercial reasons it will take long time to make it a reality.
But we believe that a majority of ICPs will accept a third party authentication service, similar to the OpenID concept, when the end-users are conscious of the risks online and start to demand a better protection of their privacy and their personal property online. We believe that users then will demand to use their own ID, provided by a certain ID-provider that they know can offer the security level they want, to access several services.
Company: Keypasco Magasinsgatan 24, SE-411 18 Gothenburg, Sweden
Founded in: 2010 CEO: Maw-Tsong Lin Public or Private: Private Head Office in Country: Sweden Products: Keypasco offer a patent-pending software-based authentication solution. Where we combine factors like device fingerprint, geo-location, 2-channel structure, proximity of mobile devices and risk engine to offer a strong multi-factor authentication that is improved continuously. The Keypasco authentication solution is a secure, easy to deploy, easy to roll out, and cost effective new generation of authentication solutions. The Keypasco solution can be offered as a third party authentication solution on the Cloud, or as an embedded solution to an ICP (Internet Content Provider). Company's Goals: Since static passwords are not secure, hardware based tokens are too expensive and still can’t mitigate new threats on the Internet, and pre Keypasco existing software-based authentication solutions are not secure enough: a paradigm shift within the authentication industry is necessary for a sustainable development on the Internet, especially for the explosive development within Cloud-based services. Keypasco aim to be a leading vendor and offer a new generation of authentication solutions, which are affordable for each ICP and user.
JOIN NOW THE CYBER SECURITY WORLDWIDE COMMUNITY ON LINKEDIN