17 July 2015

VIDEO: Winfrasoft CEO, Steven Hope Explains Why the Time Has Not Yet Come for Biometrics

Last week our CEO, Steven Hope, joined leading privacy, identity and security experts from across  Europe to present at Building Trust on a Hyperconnected World, an event hosted by EEMA and OASIS at the EMEA headquarters of CA Technologies, Ditton Manor.

In the session entitled ‘Biometrics: the time has come?’, Steven was joined by Professor JJ Nietfield from the University Medical Centre in Utrecht, the Chair of the OASIS IBOPS Technical Committee, Abbie Barbir and Executive Director of EEMA, David Goodman. During his presentation and the panel debate which followed, Steven shared his perspective on the hype surrounding the use of biometrics. He explained that whilst the technology does have the potential to have a place in the identification and authentication process, there is a reason why it has not yet taken off in the way many experts had expected.

Steven argued that the proliferation of biometrics on the latest smart devices is focused on delivering a convenient user experience, and is not about delivering tight security, despite the worrying efforts of some large organisations (especially those in the banking sector) trying to find ways to exploit the likes of TouchID for authentication purposes. He also observed how the word ‘biometrics’ has wrongly become synonymous with security, and explained how smart devices operating consumer-grade biometric sensors, could not and should not be expected to deliver the accuracy and reliability of high-end biometrics equipment used in the commercial world.

You can watch Steven's full presentation here...

14 July 2015

Passwords won’t be gone in the blink of an eye

I truly believe we are about to turn the corner in finally replacing password-based authentication, but I am concerned that many organisations (some vendors and some end-user businesses) are getting a little distracted with the current flavours of the month.

Last month I posted a blog explaining why emojis are not the future of authentication. This week I find myself having similar conversations about selfies, following MasterCard’s announcement that it is experimenting with a mobile app, through which the customer poses for a selfie, blinks and hey presto they are authenticated!

Many of us use emojis and take selfies everyday (as well as using social networks which is another method being considered), so on face value it would seem to make sense to try and find ways of adopting them as authentication tools. However, passwords have been with us for a long time and don’t think that they are going to go in the blink of an eye!

From an end-user perspective passwords cause us headaches, because they are overused and as we all do so much online, we need to remember so many of them. Most of us solve this problem by using the same password (or variations of it), causing organisations major headaches as we compromise their security protocols. The thing is, we all want to be secure and protected but we are also impatient and don’t want to be inconvenienced, so we look for short cuts
Now, imagine this brave new world where passwords have been replaced by the headline hitting gimmicks. As it is the start of July you want to login to your online banking to check you have been paid. To do so you are asked to provide a fingerprint (biometric). Great news you have money in your account and it is time to renew your car insurance and they want you to prove you are who you say you are with a selfie. Next you decide to do your weekly shop but before you can arrange delivery you need to use your secret combination of emojis. Three different methods to authenticate. Suddenly passwords don’t seem so bad!

For all their failings passwords are ubiquitous in our society. There is an encouraging ground swell of support to displace them, but if they are to be usurped it needs to be with something that has the potential to become just as prolific and lasting, and crucially doesn’t cause the people who use them pain.

Author: Fred Astfeldt, Winfrasoft

2 July 2015

Winfrasoft to Help Organisations Move from Passwords and Hard Token Authentication at the Security IT Summit 2015

Winfrasoft today announced that at the Security IT Summit 2015 it will be demonstrating how organisations can move away from password-based security with the award-winning PINgrid, PINpass and PINphrase. The one-day event takes place on 7th July at the Hilton London, Wembley.

At the Security IT Summit, Winfrasoft (an OATH and FIDO Alliance Member) will provide security professionals working in B2B and B2C organisations with a fresh alternative to their current authentication and transaction verification methods. Delegates will learn how they can remove the reliance on password-based authentication and pressure on the helpdesk for resets, eliminate procurement costs and administration surrounding card readers and keyring tokens, and innovate without the need to implement expensive biometrics.
- PINgrid is an award-winning and patented multi-factor authentication and transaction signing solution that is being used in the public and private sector today to transform any mobile device into a soft-token, via a simple offline app, replacing passwords with a memorable pattern that automatically generates an OTP.

 - PINpass turns any mobile device into a token by sending a six to eight digit OTP to it via SMS or email. By combining it with a PIN, or an existing Active Directory password, PINpass creates a strong 2FA solution.

- PINphrase uses Random Character Authentication.

PINgrid, PINphrase and PINpass all support implementation in 1.5 and 2FA environments.

Head of Sales at Winfrasoft, Fred Astfeldt comments: “Recently we have seen a reaction from retail banks as they start to offer customers a choice in how they authenticate themselves online, giving the option to continue with card-reader or keyring token, or to login using their memorable information. In PINphrase, Winfrasoft is the only authentication speciality with an off-the-shelf product that enables any organisation to implement this form of authentication without the need to develop it in-house.”

Astfeldt adds: “Our solutions have been rigorously tested in public and private sector organisations and have been proven to deliver strong, robust and reliable authentication. However, they have also been demonstrated to have a major impact on improving the end-user experience.”

In addition to PINgrid, PINphrase and PINpass, Winfrasoft will also be demonstrating its Enterprise Desktop Logon and Remote Desktop Agent for organisations using Microsoft’s Remote Desktop Services, Citrix and VMware. These solutions enhance secure access to the corporate network, applications and data by augmenting the username and password login with either 1.5 or 2FA.

For more information about the Security IT Summit visit: www.securityitsummit.events

Follow the event on Twitter @SecIT_Summit