Hardware

Simple security, complex passwords

October 18th, 2017
Digital technology solutions provider Ansys has launched an all-in-one online password vault and security authentication product, the SOLID webKey, designed to generate and store long, unique passwords for every site visited.
Unknown

Thanks to its patented password protection technology, SOLID webKey can generate and store long, unique passwords for every site visited, giving owners the best security while only having to remember one master password themselves.

Developed and designed in South Africa by Ansys at its design and manufacturing facility, SOLID webKey helps internet users follow global best practices for protecting online accounts, in a simple-to-use but highly secure manner.

Ansys says the SOLID webKey represents years of experience, encapsulated in a straightforward device suitable for consumers, small businesses and enterprise use alike. It’s ease-of-use and flexibility for all purposes is underpinned by Ansys’ track record in cybersecurity design has been proven by serving demanding clients in the defence, aerospace, industrial and telecommunications sectors.

“Research performed on data that has been leaked onto the internet by criminal hackers continually shows that the general public struggles with basic account security,” explains Teddy Daka, CEO of Ansys. “Year after year, we see that easy to crack passwords such as ‘123456’ or ‘password’ are still in common use, and individuals rely on just one or two memorable passwords or passphrases to protect all their online accounts.”

The challenge is clear, says Daka. Security experts recommend the use of long passwords made up of uncommon phrases, and that every account is protected with a unique password. Yet, when millions of passwords lost in data leaks are analysed – including some of the three billion stolen from Yahoo! In 2013 – the same simple credentials are used over and over again. And if account name and password combinations details stolen from one service can be used to access another, the user is in trouble.

One significant challenge is that the best advice isn’t getting through to end-users. Many sites maintain outdated password policies which still require a mix of upper and lowercase, symbols and numbers. But even strong passphrases are impossible to remember without help, if a new one is created for every account. With SOLID webKey, users can generate passwords that comply with any policy,  using the maximum length accepted by the application, without having to remember it.

“People use easy to remember passwords because they choose convenience over security,” says Daka. “This shouldn’t come as a surprise. We shouldn’t expect people to remember passwords that are made up of 25 random characters for an account they need to access every day.

How does it work? Ansys provied the following information:

SOLID webKey helps to protect online accounts in two critical ways. As a portable password vault, it enables web users to create long, unique passwords for every service that they regularly sign into, which are stored in an encrypted database which in turn can only be accessed with a single master password.

SOLID webKey remembers difficult to crack passwords, so you don’t have to.

Passwords are stored on flash memory on-board the physical SOLID webKey device, which can be plugged into a USB port on any PC. Once plugged in, the SOLID webKey synchronises with the SOLID KeyPass software, which is derived from the industry-standard open source KeePass Password Safe, for access.

The product also has a unique and patented “liveliness” test as a second line of defence against loss of data, which requires a physical tap of the device before passwords can be accessed. This guards against the threat of malware which could steal passwords from the database after they have been decrypted.

Even strong passwords aren’t enough to defend against committed attackers, however, who may gain access to log-in credentials via phishing or other attacks.

To protect against this kind of threat, SOLID webKey’s second core feature is that it can also act as a hardware token for two-factor authentication (2FA), and is compatible with the Universal Two-Factor (U2F) standard promoted by the FIDO Alliance.

U2F is supported by popular service providers such as Google, Facebook and Dropbox. When enabled as an account setting, users will only be able to log in to these services when the SOLID webKey is physically present and the device is tapped by the user.

“Two-factor authentication is rapidly becoming the norm, and is a proven way to secure accounts,” says Daka. “Through SOLID webKey we hope to make it easier to use and therefore more popular with South Africans who want the best in online security.”

By making both strong passwords and 2FA easy to use, SOLID webKey is a major step forward for South African consumers and businesses.

Leave a Reply

Your email address will not be published. Required fields are marked *


+ 1 = 5