The problem with passwords is that the more effective they are (long, complicated and changed frequently), the less likely we are to remember them. As a result, we’ve seen a surge in biometric security apps, most notably the iPhone 5s fingerprint scanner, hitting the market. While spy movie technology is opening a new and burgeoning market in the security industry, experts have pointed out that biometrics is not the answer to our password problems.
Dave Aitel, CEO of Immunity Inc., explains: “People expose their biometrics everywhere – they leave fingerprints behind at bars and restaurants, their faces and eyes are captured in photos and film, etc. There’s no real way to conceal this data from the world.”
And once your biometrics are compromised there is no way to change them. In other words, you’re stuck with the fingerprint your mama gave you. It seems the answer may be pictorial. We get the lowdown on why pictures are worth a thousand words from COO and PixelPin Founder Geoff Anderson.
Q) Tell us a little bit about PixelPin and how it works?
PixelPin provides a highly secure, user-friendly and personalised visual authentication solution that strengthens user engagement and brand loyalty, whilst ensuring a higher level of security than traditional alphanumeric passwords.
It’s a cloud-based solution that’s cost effective, easy to deploy, and works across all devices. PixelPin’s innovative solution uses a photo instead of a PIN or password to login. Users select 4 points on a pre-selected image. It works on any device using a touch screen or mouse and can be used to login to any application or system.
Q) What was the catalyst to create PixelPin? Was there an ‘Aha!’ moment?
Brian (CEO and Inventor) was working with the Met Police in a white surveillance van when their computers crashed. He noticed that their passwords were written down in their notebooks, which is not good security practice, and thought there must be a better way.
Q) What’s the science behind the idea? Why is it easier for people to remember images than a sequence of letters and numbers?
There is a lot of science around how people interact with pictures; the Picture Superiority Effect provides evidence that people remember pictures, and places on pictures, a lot better than alphanumeric. The ability to remember visually is a key element of PixelPin’s security as it makes forgetting passwords something of the past.
Q) How did your former careers influence both the conceptualisation of the idea and the methodology of implementing it?
Both Brian and I were experienced in delivering complex software security projects. Understanding the technologies of developing a security product was necessary to provide a credible product to market. Security products need to be developed a lot more professionally than many other services that appear on the web. Our experience was fundamental to creating a successful product.
Q) How key is distribution of the service to your business model, i.e. on the consumer side – will consumers be able to use PixelPin to access their social media accounts as well as banking to prevent hacking etc? [Also will this be dependent on commercial third-party sign-up of your service or can it work independently?]
PixelPin has been developed as a B to B to C product. This means we sell PixelPin to businesses for their users to sign into their services. Users can only use PixelPin on those businesses that enabled PixelPin. PixelPin is distributed in this way to take advantage of the technology we use to eliminate passwords altogether. If we provided PixelPin as a consumer login, we would still need to manage their passwords for them, and we see passwords as so insecure that we aren’t keen to take on that risk.
Q) The recent iCloud leak has left many consumers questioning the safety of their data in the hands of third parties and GNU founder Richard Stallman has labeled cloud computing a ‘trap’. What does the future of cyber privacy look like?
At the moment there is no real consensus across the industry on what secure authentication looks like, so users are at the mercy of many less than secure solutions. As multifactor solutions start to become more established then users will see the benefits, but the risks will always be there as hackers are highly skilled and strongly motivated where money can be made.
Q) Edward Snowden revealed the NSA and GCHQ cracked the online encryption that protects the privacy of hundreds of millions of people’s personal data. Can we protect our data from the government?
At the moment it is hard to protect your privacy from governments unless you move into more extreme precautions such as using Tor and running your own Virtual Private Networks (VPNs). Good practice on encryption is becoming more available from companies such as Apple who now encrypt iPhones as normal practice. However, it is an offence to withhold encryption keys from a police request so if governments really want your data they will find it.
Q) Are there any simple precautionary practices people can implement to secure their online data?
At the moment my advice is to always use unique passwords for banking and email accounts, as if these are hacked every other web site can be accessed through password resets. Use a password manager or Apple Keychain to secure your passwords and develop a system of memory for key passwords. Finally I use one browser for banking and formal activities, and another browser for social activities as the password ‘auto fill’ features are not very secure.
Q) Most of us trade our privacy for free services every day (I’m looking at you, Facebook). Can users ever outsmart the T&C loophole?
For a start, if you use Facebook make sure you do not provide your real date of birth as that is a common security question. There are web services such as Ghostery and mobile services like Disconnect that block web trackers and reduce threats. The issue of social logins is not knowing how well to trust sites that you use. I have seen that my contact data is often misused so I am not a great fan of social logins. Maybe sites such as Ello will change this dynamic, but it is still early days for those sites.
Q) What’s the hardest thing about starting your own business? What’s the most rewarding thing about starting your own business?
You need to have a lot of belief and a strong team around you to succeed. Constantly learning and re-appraising your efforts is hard but necessary; working with a great team and watching them develop is very rewarding.
Q) What’s one thing you wish you had known before you started PixelPin?
Although we were given advice at the start that everything takes a lot longer than you plan for, we thought we could manage that; however, the advice was spot on!
Q) What advice would you give entrepreneurs starting their first venture?
Get as much user feedback as you can before starting your venture. We see a lot of businesses that struggle for traction. Getting users is the hardest part of being a start-up.