New Readers

 Home Executive Briefings Security Predictions SM Directory Global Excellence Volunteer as Expert Register Awards About
How to secure online services affordably for Internet Content Providers (ICPs) and end-users, which hardware tokens failed to do

A management team founded Keypasco, a team with more then 50 years of experience combined within security for e-banking. The company offers a new generation of multi-factor strong authentication solutions, based on software-based patent-pending technology that has been developed for Internet security and Keypasco offers its authentication services on the Cloud worldwide. The Keypasco solution covers today multiple platforms; PC, tablet, and smart phones. The target markets are; e-banking, e-commerce, online gaming, mobile payments, and e-government, etc.

Rake Narang: How has authentication evolved over the years?

Maw-Tsong Lin: The history of authentication has been long but found itself stuck on the combination of a username and password since the very beginning of the Internet era. Despite the impracticality of remembering strong passwords, this method remains the primary way to identify a user online. Some ICPs and users have a greater need for security and to protect privacy than what passwords can offer, and therefore are making alternate security methods a high priority.

Then came the 2 Factor Authentication (2FA) solutions, mainly with hardware tokens. But the 2FA tokens are mostly used within e-banking, and even if it has a higher level of security than relying on a username and password combination only a small percentage of banks use this solution. The cost of the administration, purchasing the hardware, the logistics and instructing users how to use the new system will result in a very large upfront investment, both in money and time. One significant limitation with the 2FA tokens is the update limitation when a higher level of security is needed. There are other software-based solutions available on the market today. But most of them are proven to not be secure enough.

There are other software-based solutions available on the market today. But most of them are proven to not be secure enough.

Rake Narang: How risky is simple username and password combination for login? Why aren’t better authentication solutions being deployed everywhere?

Maw-Tsong Lin: Username and password is not secure at all due to the many threats online today, like; ID-theft, phishing, and key logging, etc.  

The 2FA token solutions are mainly deployed within the financial sector, but it was deployed only by a minor part of the banks because of the high costs. Another reason is that once a token has been chosen, the security level is fixed against certain known threats. So when Man-in-the-Middle and Man-in-the-Browser attacks came, the deployed tokens were useless against those new threats.

Today Cloud-based services are available and with this development it brings a new aspect to the situation; where the ICPs don’t even know whom the user is and where he/she lives. So how can an ICP roll out a token to these users even if the ICP can afford to do so?

We believe a new revolutionary thinking, a paradigm shift, or a new ecosystem within the authentication industry is necessary to meet the demands of a sustainable and affordable online security, as well as the protection of privacy. We believe that the Keypasco solution will trigger this change.

Rake Narang: Is one ID access really possible considering numerous devices and formats people use these days?

Maw-Tsong Lin: It is theoretically possible. But because of many political and commercial reasons it will take long time to make it a reality.

But we believe that a majority of ICPs will accept a third party authentication service, similar to the OpenID concept, when the end-users are conscious of the risks online and start to demand a better protection of their privacy and their personal property online. We believe that users then will demand to use their own ID, provided by a certain ID-provider that they know can offer the security level they want, to access several services.

Company: Keypasco
Magasinsgatan 24, SE-411 18 Gothenburg, Sweden

Founded in: 2010
CEO: Maw-Tsong Lin
Public or Private: Private
Head Office in Country: Sweden
Products: Keypasco offer a patent-pending software-based authentication solution. Where we combine factors like device fingerprint, geo-location, 2-channel structure, proximity of mobile devices and risk engine to offer a strong multi-factor authentication that is improved continuously. The Keypasco authentication solution is a secure, easy to deploy, easy to roll out, and cost effective new generation of authentication solutions. The Keypasco solution can be offered as a third party authentication solution on the Cloud, or as an embedded solution to an ICP (Internet Content Provider).
Company's Goals: Since static passwords are not secure, hardware based tokens are too expensive and still can’t mitigate new threats on the Internet, and pre Keypasco existing software-based authentication solutions are not secure enough: a paradigm shift within the authentication industry is necessary for a sustainable development on the Internet, especially for the explosive development within Cloud-based services. Keypasco aim to be a leading vendor and offer a new generation of authentication solutions, which are affordable for each ICP and user.