As we’ve all settled into our new mix of office and home (or remote) working, being able to prove who we are has become even more important – especially with the way things are on the international stage. So the ways we use to authenticate ourselves, and protect business data & information, have taken on even greater significance. Which begs questions like: ‘Is receiving one-time passcodes by email or SMS as part of “two factor” or “two-step” authentication (also commonly referred to as multi-factor or MFA), the best way?’ Cyber criminals as we know are pretty adept at finding new ways to gain access to our precious accounts, including getting hold of these very important security codes. They can be a gateway to a lot of sensitive personal and business data which can place an organisation at significant risk. As we access customer databases, invoicing systems or company bank accounts from an increasing range of non-standard or ‘BOYD’ devices, we can find ourselves opening up ever-greater opportunities for cyber criminals to attack. Authenticator apps have made great strides in protecting such attacks, and our member Shayype has decided to take on the task of trying to move this technology forward, by placing an addition layer of protection on these well-established authentication solutions.

Replacing these existing solutions Shayype delivers a more secure yet convenient solution, offering better fraud resistance and a better user experience. With Shayype, there’s less risk to your business from lost, stolen or forgotten passwords or devices. However, who better to tell us a little more than one of the people behind this great innovation? Have they come up with the first new MFA ‘factor’ in ten years?

“The big flaw in traditional two-factor – leaving aside biometrics or the ‘something you are’ bit – has always been that an arrangement which depends entirely on twin factors of ‘something you know and something you have’ has always been having confidence that the device in question is in the right hands. So we set out to provide an answer, by grafting an additional layer onto the front of the standard app used by Google, Microsoft and others.

“Prior to this we had developed a core technology designed to help users prove who they are, by being able to extract one-time passcodes (OTPs) from a small numbered grid filled with single digits. Only the user, armed with a known (set up in advance) secret pattern or ‘Shayype’ can read the correct numbers. The criminal or hacker, cannot. Or looked at another way, we’ve simply developed a more secure way to deliver OTPs – far better than on phones or key-fob devices, where the code is typically shown as plain text.

“In the next couple of months we aim to have a free version with this technology bolted on to an Authenticator app on the app stores, which Cyber East members will be very welcome to have a play with. This app will use the standard protocols of HOTP and TOTP, so can receive the same codes as any other Authenticator app, but those codes will not be displayed in such a vulnerable way,” – Jonathan Craymer, founder Shayype Global Ltd.

If you want to know more about what the Shayype team are up to then you can take a look at their website (https://www.shayype.com/) or get in touch directly by contacting Jonathan Craymer at jcraymer@shayype.com