GrIDsure, a vendor that bases its marketing around the concept of evolution of ID security, is frustrated by the ‘state’ of the infosec industry. “It’s the only sector I can think of where 20 year old technology is still dominating the market”, Howes told Infosecurity.
The password, he insisted, is dead. “We need to challenge status quo. Current mainstream offerings just aren’t good enough”. It is the duty of the chief information security officer [or equivalent role] to provide secure software to their company, he said, “not to just automatically select [or keep] the biggest brand”.
Daniel Mothersdale, GrIDsure’s CEO, is proud to declare the GrIDsure concept, “a new concept in totality. We’re not just another RSA”, he says. Indeed, the technology works independently from hardware tokens, and instead is based on a one-time passcode developed through pattern-based authentication. They describe their offerings as 1.5 factor and 2.5 factor authentication. For a more detailed description of the technology, please click here.
Pattern-based authentication is superior over passwords, Mothersdale argued, “because the human mind will remember patterns more than numbers. Studies have proved as much”. The grid can be made bigger and more complicated, but the use of colour will simplify the authentication process for the user, he explained.
Security is, unfortunately, often about making things more complicated for the user, Mothersdale told Infosecurity. “People then don’t have the mechanism to deal with that. So in that instance the industry then offers the ‘forgot password’ function, which is essentially a get out of jail free card”, he explained.
Interestingly, GrIDsure technology can be adopted by the blind. The system will simply read the numbers in order from left to right. “Disability and language is not an issue. You could even ask someone else to type in the PIN for you without giving away ‘your secret’.” Similarly, the coloured grids do not exclude the colour blind, “all they need is contrast”.
The ongoing misconception, Howes explained, is that of security nirvana. “There is no perfect solution. Some CISOs are still looking for it, and until they find it, they just stick with the same old software they’ve already got. Well, they are standing on a burning platform”, he said.
“The IT industry notoriously recycles ideas, like that of virtualization”, Howes said. “GrIDsure has a ‘can do’ attitude and we bring in people that have the same”.
With expansion plans and an intention to increase personnel, GrIDsure is looking to bring in “industry expertise”. They are not looking at hiring graduates however, as Mothersdale is of the impression that “We couldn’t put them in front of C-level execs”.