Input from Winfrasoft
Hi all forum users. The thread following that article has been interesting, especially as we were brought into it. This is not a product plug at all - this isn't the place, but we would like to clarify a few points.
We do have a product in the market which uses pattern based authentication via a grid/matrix which is available for use today; unlike other companies with just seemingly great aspirations. Our IP has had a patent pending which was filed in 2011 and is quite different to what GrIDsure had at the time; unfortunately the patent office isn't fast and these things take time! Our IP did underpin PinPlus until a year ago, however we would have to assume they have something of their own by now.
Our solution delivers:
- Proper grid pattern based 2FA via SMS or a soft token (on 6 app stores to date)
- OATH strength crypto and logic underneath the grid security
- Transaction signing / verification to thwart man-in-the-middle (SC Mag 2013 award finalist for this)
- Enterprise class authentication server which caters for things like account lockout, brute force protection, complex pattern security levels etc. The patterns are even stored as hashes in the DB to help maintain their integrity.
- The something you know AND the something you have are used together to produce a One Time Code, instead of entering the two factors separately.
FACT: Grid based authentication on a web page can never be as secure as 2FA. A reasonably determined attack can reverse a pattern given enough scrapes of the grid and a valid code (5 or 6 attempts generally). This is why in our implementation we call this feature 1.5FA so it is clear; it's better than just a 1FA password, but not as good as proper 2FA. However, for some situations it is more than good enough and we price it accordingly too.
Feedback from our customers is that their users find the system quite easy to use, even those with a “special class of user” (in their opinion). Simply put, humans find working with patterns easy and remembering passwords / PINs is difficult. Give it a try yourself, we have a demo site at https://www.winfrasoftbank.com/. Also feel free to check out our microsite for the technology at http://pingrid.org. feedback is always welcome too at firstname.lastname@example.org.