Slashdot Mirror


User: paul+GridData

paul+GridData's activity in the archive.

Stories: 0
Comments: 4

Comments · 4

  1. Re:What if you obscure the pattern? on Defeating Virtual Keyboards and Phishing Banks · · Score: 1

    Nac, thank you for your time and thoughts. At this point you are looking at and analyzing GridOne's most BASIC GridPass (password + target corner) creation with straight substitution. I will still stack GridOne up against MOST other systems and restate that other systems are compromised at first instance where GridOne is not. Regarding Decoy Digits, reductions and credible crypto-analysis have the number of necessary observations at 12+ and more than twice that depending on the underlying password complexity. Opportunistic threats are either transferred elsewhere or mitigated. Now consider a GridPass of a "password" + target corner + add 2 to that target corner. So if the user's password starts with a "G" and the target corner is a 5 the user would enter in a 7 (and so on)!!!! Now add Decoy Digits to that. The Grid system will allow users to create or use their existing passwords, but then use various corners, combinations of corners and other "functions" that will make attack extremely difficult. Motivated users will have the ability to create GridPasses that are easy to remember, completely portable and extremely secure. And all this is with just the FIRST factor. Grid/GridOne allows the ability to completely do away with the use of reusable passwords and PINs. What percentages of ALL logins (web, domain, ATMs, VPNs, etc.) still rely on reusable information? 98+%??? Finally GridPasses can be blended or play nicely with all the other factors and schemes. And when situations require that only the first factor can be used, Grid offers superior protection. Thanks for listening and I would be more than happy to walk you through a WebEx demo to experience the full system.

  2. Re:very clever on Defeating Virtual Keyboards and Phishing Banks · · Score: 1

    Regarding brute force. Let's not confuse brute forcing a static/reusable password with a one time password (OTP). Static is NON-linear and the OTP nature of GridOne creates linear security. There is nothing to bruteforce with an OTP. Also normal account/system lock out defeats any type of guessing of automated attacks.

  3. Re:What if you obscure the pattern? on Defeating Virtual Keyboards and Phishing Banks · · Score: 1

    Uh- please see my reply to "Nac", especially concerning the use of Decoy Digits(TM) upon login. "Nac- The GridOne system and its patented approach allow for greater security through the use of Decoys(TM) or Decoy Digits(TM). Upon login the user simply keys in (anywhere in the actual GridCode sequence) any arbitrarily selected, extra numbers or Decoy Digits(TM) and injects them into their strand of numbers. So if the real GridCode answer is 51832, the user can enter 3518932; the Decoys of a 3 and 9 are added. Now you are the attacker, and not knowing what are real and what are Decoys(TM), what is the user's underlying GridPass(TM)/password??? This extremely simple, yet highly effective security feature will confer excellent security upon login and will force the opportunistic attack to become a concerted attack requiring time, opportunity and resources. Other methods still use a broken first factor, like a reusable password or PIN, knowing that it is a weak factor or link; and it is the weak link that is attacked. Grid allows and delivers the unparalleled, proven security delivered by One Time Passwords without the need of any device, extra materials, computer modifications or time synchronization (exposed to possible replay attacks). Other methods lock the user to a machine. What if you, your employees or your customers are not at their usual machine due to travel or convenience? Having a user key in vulnerable reusable information or even worse, asking them to key in private information such as their mother's maiden name certainly is not secure. Grid allows complete portability and untethered, secure access for users who are mobile or who are not at a specific machine. Grid allows users to customize their own log-in interface to ensure they are logging into the proper site and that they are authenticating to the true GridCore(TM) server. Again, from any computer, from anywhere while raising the bar against phishing attacks. The other methods? 1 single casual observation, being shoulder-surfed or being watched as the user logs in (getting all the information and/or images), and the user's account is compromised at that instance. Ask most other authentication systems if you can "see or have everything at login" and what will their security be? Nothing is bomb-proof, but GridOne allows complete portability and untethered, secure access from any machine from anywhere, nothing to ship, mail, print, download or carry for the end users or their machines."

  4. Re:What if you obscure the pattern? on Defeating Virtual Keyboards and Phishing Banks · · Score: 1

    Nac- The GridOne system and its patented approach allow for greater security through the use of Decoys(TM) or Decoy Digits(TM). Upon login the user simply keys in (anywhere in the actual GridCode sequence) any arbitrarily selected, extra numbers or Decoy Digits(TM) and injects them into their strand of numbers. So if the real GridCode answer is 51832, the user can enter 3518932; the Decoys of a 3 and 9 are added. Now you are the attacker, and not knowing what are real and what are Decoys(TM), what is the user's underlying GridPass(TM)/password??? This extremely simple, yet highly effective security feature will confer excellent security upon login and will force the opportunistic attack to become a concerted attack requiring time, opportunity and resources. Other methods still use a broken first factor, like a reusable password or PIN, knowing that it is a weak factor or link; and it is the weak link that is attacked. Grid allows and delivers the unparalleled, proven security delivered by One Time Passwords without the need of any device, extra materials, computer modifications or time synchronization (exposed to possible replay attacks). Other methods lock the user to a machine. What if you, your employees or your customers are not at their usual machine due to travel or convenience? Having a user key in vulnerable reusable information or even worse, asking them to key in private information such as their mother's maiden name certainly is not secure. Grid allows complete portability and untethered, secure access for users who are mobile or who are not at a specific machine. Grid allows users to customize their own log-in interface to ensure they are logging into the proper site and that they are authenticating to the true GridCore(TM) server. Again, from any computer, from anywhere while raising the bar against phishing attacks. The other methods? 1 single casual observation, being shoulder-surfed or being watched as the user logs in (getting all the information and/or images), and the user's account is compromised at that instance. Ask most other authentication systems if you can "see or have everything at login" and what will their security be? Nothing is bomb-proof, but GridOne allows complete portability and untethered, secure access from any machine from anywhere, nothing to ship, mail, print, download or carry for the end users or their machines.