The system will not help Visually impaired
If such a system was made compolosury it could cause real problems for the visually impaired community as well as people with eyesight difficulties as seeing the numbers in a grid could be a real problem.
GrIDsure has teamed up with secure communications firm Masabi to create a mobile version of the pattern technology that's touted as a replacement to PIN-based identity systems. This will take on the hardware tokens used by companies such as RSA Security for remote identification. Secure tokens are generally keyfob-style …
GrIDsure have already been chatting with the RNIB and have had a positive response about the suitability of the system for the sight-impaired, see this response to the original GrIDsure article on the Reg:
The mobile application could be made to read out the numbers on the grid quite easily on most modern phones, which would still be protected from a "shoulder listener" by the GrIDsure system, in the same way as a "shoulder surfer" is defeated. (although that hasn't been built into the existing system)
Ben, from Masabi.
First there was the PIN, which was a PaIN to remember, so we all memorised the patterns. Now, if this system comes into effect we are going to have to remember a pattern, visually map that pattern without tracing our finger on the screen and key the resultant numbers in. This is going to slow the whole process down, increase anxiety levels of users and, I would hazard, increase the number of PIN rejections.
Is the grid going to be the same 5x5 that was touted for ATM's? If so, the patterns will probably be more difficult to visualise as well.
I know it's a good idea, but that does not mean it is the right idea. My verdict is a thumbs down.
Hi - maybe this is all easier than you think.
Just remember which squares (cells) you chose, and read off the numbers which appear in them. Easy-peasy in our humble view.
Also GrIDsure NEVER works on 'touch screens' so you won't need to trace your pattern/shape with your finger (which could give information to a shoulder surfer).
Once you've actually seen how it works, we think you'll see how simple, secure and anxiety reducing it is (www.gridsure.com/slideshow - OR try the actual demo on the site for yourself).
I have a number of comments to make, the first is that the Masabi application creates a reactive, transaction specific, out-of-band application for Authentication. That's a step up.
The second is that it has still has strength even if both the computer and the phone are infected - nothing else can do that.
Thirdly, we now have a working demonstration of the GrID being spoken to the user, as the RNIB advised.
Fourthly, I too wondered about the usability of GrIDsure. So I explained the idea to my God Daughter, she is five years old. I made it a simple game for her, "Can you tell me the right numbers from that grid according to your pattern?"
She had no problem with it at all and ten minutes later explained it to her parents. When I saw her again last month, she was still able to use the same pattern that she had chosen a month before.
It is easier than you give it credit. Try it yourself a few times, you'll see it on the demo on the website.
Finally, GrIDsure is not a perfect solution, it's a technology which can be applied to solutions to make them easier to use & stronger. The job now is for the industry to find applications for the technology, so that we can all have easier, safer lives.
Biting the hand that feeds IT © 1998–2019