Response to comments on Rory's BBC Blog
We generated some interesting debate on the BBC website. The comment length on Rory's blog is restricted, so I've written this blog to respond to some of the comments raised in the article, and these broadly fall into the categories of security, funding and product.
Security
Firstly I’d like to comment on the understandable concern about storing all passwords in one place. This is clearly of paramount concern and is therefore built into our solution, so to access your data, you need a username, password and a key-phrase.
Your key-phrase is used within your browser to encrypt all of your login details before they are stored on our servers. We don’t store your key-phrase; it is totally private to you and it is the only way to decrypt your stored data. Without it, even we cannot decrypt your stored details.
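As an added illustration (not My1login's code), this is what key-phrase encryption inside the browser can look like with the Web Crypto API: only the salt, IV and ciphertext are uploaded, and a wrong key-phrase fails to decrypt. PBKDF2, AES-GCM, the iteration count, the sample data and every function name are assumptions; the post only states that AES is used with a private key-phrase.

```javascript
// Added example, not My1login's code. PBKDF2, AES-GCM, the iteration count and
// all names below are assumptions; the post only says AES with a key-phrase.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder(), dec = new TextDecoder();
const ITERATIONS = 600000; // assumed PBKDF2 work factor
const toHex = (buf) => Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, '0')).join('');
const fromHex = (hex) => Uint8Array.from(hex.match(/../g), (h) => parseInt(h, 16));

// Stretch the key-phrase into a non-extractable 256-bit AES key, client-side only.
async function deriveKey(keyPhrase, salt) {
  const material = await wc.subtle.importKey(
    'raw', enc.encode(keyPhrase), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Encrypt the login list; the returned record is the only thing sent to the server.
async function sealLogins(keyPhrase, logins) {
  const salt = wc.getRandomValues(new Uint8Array(16)); // fresh per record
  const iv = wc.getRandomValues(new Uint8Array(12));   // never reuse with the same key
  const key = await deriveKey(keyPhrase, salt);
  const ct = await wc.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, enc.encode(JSON.stringify(logins)));
  return { salt: toHex(salt), iv: toHex(iv), ct: toHex(ct) };
}

// Decrypt a stored record; returns null if the key-phrase is wrong or the
// record was modified, because the GCM authentication tag fails to verify.
async function openLogins(keyPhrase, record) {
  const key = await deriveKey(keyPhrase, fromHex(record.salt));
  try {
    const pt = await wc.subtle.decrypt(
      { name: 'AES-GCM', iv: fromHex(record.iv) }, key, fromHex(record.ct));
    return JSON.parse(dec.decode(pt));
  } catch {
    return null;
  }
}

// Constructed sample data, for illustration only.
async function demo() {
  const logins = [{ site: 'example.test', user: 'alice', password: 'constructed-sample-pw' }];
  const record = await sealLogins('correct horse battery staple', logins);
  const good = await openLogins('correct horse battery staple', record);
  const bad = await openLogins('wrong phrase', record);
  return { record, good, bad };
}
```

The stored record contains nothing derived reversibly from the key-phrase, so its resistance to offline guessing rests on the phrase's entropy and the key-derivation work factor.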
Using a key-phrase of reasonable length to encrypt your data means that even if someone maliciously gained access to your stored data, it would take the latest supercomputers millions of years to attempt every permutation of key to decrypt it.
For the simplicity of being able to log into sites with one click, the convenience of accessing from any web device or phone, and the security offered by being able to use randomly-generated, strong, unique passwords for all your other sites, we feel that AES encryption (using a private Key Phrase) is sufficiently strong in comparison to the millions of years it would take to crack a key of reasonable length.
The big question is how secure is what you do now?
If you use similar passwords for all sites, or you store them in a file on your hard-drive or phone, or perhaps write them down, these are widely publicised as insecure practices.
There is lots of useful information and advice around the web on this, including the government’s Get Safe Online campaign at www.getsafeonline.org.
Funding
The government grant being referred to is not a cash advance; it is paid retrospectively based on the creation of 25 jobs over the next two years. This is an excellent and well-considered allocation of public funds in that it incentivises and stimulates well-needed growth in the economy. Please let’s also not forget that, as the article states, I have also risked a significant amount of personal funding that has led to the creation of highly-skilled, full-time jobs and opportunities for individuals.
jascbu - thank you for your comments on this; I couldn’t agree more!!
Product
Finally, I’d like to respond to the comments about competing products. My1login differentiates from anything mentioned above in that there is no browser plug-in required and no software to download or install, meaning it can be securely accessed from any browser, meeting the needs of those who are mobile and using multiple devices, i.e. laptop, tablet, mobile phone.
It is the only service of its kind to also include an integrated dashboard of your email and social media.
Hopefully that helps address the concerns. If you have any further comments, we would be delighted to respond.
Kind Regards
Mike