Authomate Inc. Announces New CEO and Expansion of the Executive Team

Authomate Inc. is pleased to announce Jeff Schmidt as the company’s new President and Chief Executive Officer and John Lloyd as the new Chief Sales and Marketing Officer, effective January 16, 2015. Authomate’s expansion of its executive management team is a strategic move to strengthen and support the company through its next stages of hyper-growth.

Piyush Bhatnagar, the founding CEO of Authomate Inc., will continue as a member of the executive team, in the new role of Chief Technology Officer and Senior Vice President of Engineering. In this new role, Piyush will be leading innovation at Authomate, developing the short/long term product vision and the execution of product development/delivery. “As Authomate starts a new phase, Jeff and John bring the expertise needed to help take the company to the next level. I am extremely pleased to have them as part of our executive team,” said Piyush. “They share the Authomate vision and commitment to bring rigorous authentication to every aspect of every day life.”

As the President and CEO of Authomate, and President of the Authomate board, Jeff Schmidt is responsible for establishing the vision of the company, as well as developing and executing the growth strategy to drive employee, client, and shareholder value. Before joining Authomate, Jeff was the Chief Operating Officer of SQS North America. He has been at the center of innovative technology leadership throughout his career and has a passion for security solutions. In his work at British Telecom (BT), he led the development of “visual analytics” for intrusion detection, and the early adoption of managed cloud-based security solutions, aimed at enabling enterprises in the 21st century for the mobile and cloud-connected enterprise.

“I am extremely excited to be joining the Authomate team. The fundamental capabilities of Authomate are, at their core, game changing.” Jeff also notes, “Authomate is enhancing the user experience through simplified access, while also providing greater assurance that what is most critical to the user is secure.”

John Lloyd, as the new Chief Sales and Marketing Officer, is responsible for all revenue generation, market development, client and partner relationship management that will drive the company’s near and long-term growth strategies. John’s responsibilities extend to being a member of the company’s board of directors, with oversight of the company’s formation and funding, and an advisor to the product development team. He has held various executive sales and operational management roles, most recently spearheading global sales at Zero Motorcycles, where launching new technologies and services into new and emerging markets was critical to the company’s success. His extensive experience, including multiple industries and international markets, will serve Authomate well in initiating and sustaining growth.

“This is a great opportunity to help launch a new company that will make a significant impact to how people and companies secure their access to their many web sites and digital media on a daily basis,” said John Lloyd. “The core team we have assembled is well grounded, complementary to one another, and driven to bring Authomate’s solutions to the world market. Our business experience and alignment ensures that we will deliver the strongest authentication solutions possible while reducing all of the complexity.”

Authomate Inc. is a New Jersey based startup, led by a seasoned team with many years of experience in building and delivering world-class network security products and solutions. Authomate’s authentication platform provides true multi-factor security, delivering protection and convenience to consumers and more secure transaction capabilities for companies.

For more information, please visit our web site at http://www.authomate.com, or follow us on Facebook at https://www.facebook.com/AuthomateInc

A Password Guide: Tips to Create a Strong Password

It’s no longer a question of if you will face an online attack; the question is when. Many people are convinced their data is secure as they are using what they consider to be a complex password. They are often mistaken.

There are now freely available password crackers that can tackle passwords up to 55 characters long, passwords that are far more complex than most of us are using. Here are some top tips on how to create a strong password and avoid getting hacked.

  1. Password length – stick to passwords that are at least 8 characters in length. The longer the password, the longer it will take a hacker to guess.
  2. Password complexity – ensure your password contains one lower case letter, one upper case letter, one number and one special character. This will make your password a lot stronger and harder to crack. Avoid using names of family, friends or pets. Don’t use personal information such as date of birth, phone number, street name or house number and do not use consecutive letters, numbers, or keys on the keyboard such as ‘qwerty’.
  3. Use a passphrase – in order to remember your passwords, use a passphrase. For example, use the first letter of each word in a line of your favourite song. ‘Always look on the bright side of life’ could be converted to ‘Al0tbs0L!’, a strong password using the four complexity indicators. Don’t simply use number substitutions for letters, e.g. ‘passw0rd’; this is far too simple for an advanced hacker.
  4. Use a password manager – many people avoid using complex passwords as they are often hard to remember. Using a reliable password management tool to store passwords is essential. When you create a password, enter it into the password manager, which will encrypt it and store it for you. Many of these software programmes are free, easy to use and work on both Windows and Mac.
  5. Create unique passwords – it’s very tempting to use one password for your email accounts, another for your banking, and one for all of your social media accounts. A study by BitDefender shows that 75% of people use the same password for their email as they use for their social media accounts. If this password was discovered and it was also used for their online banking or Paypal account this could result in financial theft.
  6. Change your password for all accounts every six months – the longer your password has remained the same, the more time a hacker has had to crack it. It is recommended to change your passwords often, at least twice a year but the more often the better.
  7. Never write down your passwords (except in a password management tool of course) – this includes both paper and emails. Writing down your strong password is almost as bad as having a weak password and not writing it down at all.
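
The length, complexity and substitution rules from tips 1 to 3, written as a checker. This is an added example, not part of the original guide; the function names, the four-character run length and the short word list are assumptions made for illustration.

```python
import re

# Constructed sample data: short lists chosen for illustration, not a real wordlist.
COMMON_WORDS = {"password", "letmein", "welcome", "dragon"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
                 "abcdefghijklmnopqrstuvwxyz"]
# Undo the usual digit/symbol-for-letter swaps before the dictionary lookup.
LEET = str.maketrans("0134578@$!", "oieastbasi")


def has_run(pw, length=4):
    """True if pw contains `length` consecutive keys/letters/digits, either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - length + 1):
                if seq[i:i + length] in low:
                    return True
    return False


def check_password(pw, personal=()):
    """Return the list of guide rules that pw breaks (empty list = passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    classes = {
        "lower case letter": r"[a-z]",
        "upper case letter": r"[A-Z]",
        "number": r"[0-9]",
        "special character": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, pw):
            problems.append("no " + name)
    if has_run(pw):
        problems.append("consecutive letters, numbers or keys")
    # 'passw0rd' becomes 'password' once the substitutions are reversed.
    stripped = re.sub(r"[^a-z]", "", pw.lower().translate(LEET))
    if any(word in stripped for word in COMMON_WORDS):
        problems.append("common word with simple substitutions")
    low = pw.lower()
    if any(p and p.lower() in low for p in personal):
        problems.append("contains personal information")
    return problems
```

The `personal` argument takes the names, dates and street or house numbers that tip 2 says to avoid, so the same check can be run per user.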

To be extra secure, download Strong Pass now

Authomate Inc Announces Patent For New Authentication System That Will Simplify Security And Bring Authentication To Every Day Life

Authomate Inc is pleased to announce that it has recently been issued US Patent No. 8,763,097 entitled “System, design and process for strong authentication using bidirectional OTP and out-of-band multichannel authentication”. The patent issued by the United States Patent and Trademark Office has 25 claims providing a new out-of-band multi-factor authentication system with a very wide array of applications.

This patent is at the heart of Authomate StrongPass, which is the easiest-to-use user login/password management service. “With a radically different approach to authentication, this solution is a unique blend of strong security and ease of use. The authentication is performed using the mobile phone network with no need for the user to remember any passwords,” said Piyush Bhatnagar, Founder and CEO of Authomate Inc. “Your personal data is safe when you use Authomate. It is strongly encrypted and stored on your smart phone. No one else can access your data, even if you lose your phone.” “The Authomate Servers never see your personal data,” he added.

Authomate Inc, based in New Jersey, is built by a team with decades of security, infrastructure, defense and intelligence experience who have collaborated to create this patented authentication technology. Authomate is building an authentication platform to provide true multi-factor security and convenience to consumers and secure transaction capabilities for companies.

Successful Crisis Management: The Evernote Hack

As data theft is on the rise it must be assumed that sooner or later, if you have data someone wants, your systems WILL most likely be compromised. It is important to put up strong defenses but it is even more critical you have a crisis management plan when things go wrong.

With social media comes a whole new set of rules for your organization’s crisis communications and crisis management. We’re often given opportunities to learn about social media crisis management through the highly visible fallout from the experiences of others. How a company takes action and manages a hard-hitting crisis often gives customers a more honest insight into how it is run than any meticulously crafted press release could.

Evernote Crisis Management

Evernote, the online note taking service, suffered a serious security breach in March 2013 involving the theft of usernames, email addresses and encrypted passwords of up to 50 million users. Luckily, no payment details were stolen, and according to the company the hackers were not able to access notes that users had stored on the Evernote service. So, how did they manage the crisis and what lessons can be learned?

What went well? Open Communication 

Almost immediately, Evernote communicated with their users on Twitter, through a blog post and an email stating that their security team had “discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service.” They also suggested all users reset their Evernote account passwords.

They advised users to choose a strong password and to be suspicious of reset password links sent to users via email. They also advised users to ensure that they did not use the same password on multiple sites. Within 24 hours they had updated (at least their Apple iOS app) to focus everyone on resetting their password.

Attentive Evernote reps responded to irate users on their site and carefully explained what was happening throughout the process. Some users praised the company for their transparency and timely communications and voiced their support. However, many complained they didn’t receive the notification email because they no longer had access to the email account they had used to sign up with the service.

Lessons Learned: What could have been handled better?

Although there was a blog post on the Evernote website, nothing was actually posted on the Evernote homepage. There was also an evident lack of post-hack communication.

A week after the event, there had been no blog update or further emails about what had happened, what they had subsequently done to improve security, or any attempt to defuse the on-going comments. Initially many users asked about implementing two-factor authentication, used by Google to provide extra security for its users. However, there was no immediate response. Evernote should have answered any FAQs and taken the opportunity to welcome feedback from users, making their crisis communications a two-way process, which is often the best way to learn and adapt.

Do you have a crisis management plan in place? If the answer is NO, it is about time you put one in place!

Strong Authentication in Consumer World – The Time Is Now

TREMENDOUS GROWTH

The last 20 years have seen tremendous growth in technology and computing. What used to be experimental technology for a select few to try and admire is now mainstream. Most people today have Internet access and have online accounts with multiple service providers. Many have more than one email account and access online bank accounts. Today existing worldwide emails exceed 3.5 billion in number, with over 150 billion email messages sent across each day. This unprecedented growth of the Internet has spurred demand for secure, convenient, and private access to the Internet, both for consumers and for corporate entities. The ubiquitous access to online resources has also led to identity theft and billions of dollars of loss to consumers and corporations.

According to Symantec, over 70% of these emails are spam and according to Dr Dobbs, about 500 million of these emails per day are phishing attempts. Last year alone there were 11.1 million Americans who were victims of identity theft, leading to more than $54 billion in losses, which was an increase of 34% from the previous year. A large part of this increase is due to online fraud. Besides the monetary loss, consumers lose confidence and are less likely to conduct online transactions.

There is an increasing threat of ID theft and various forms of cyber attacks, which lead to loss of billions of dollars and loss in consumer confidence. Businesses are losing money due to fraud.

SIMPLE PASSWORDS NOT SAFE ANYMORE

Password-based authentication is used to verify user identity prior to granting access to specific computer, network, or Internet services and has been the primary authentication mechanism since the beginning of the internet. Passwords are very convenient to use, but in today’s world they give a false sense of security and they no longer provide adequate protection from hackers. Passwords can be compromised. Since most people pick passwords that are easy to remember, they are easy to guess as well. Even if the user has picked a complex enough password, programs like keystroke loggers, stealthily installed on user machines by hackers, have been used to steal/break passwords. In addition, users often write passwords down in a notebook or save them into files on their computers or in the cloud, making them vulnerable. Many users also have a tendency to use the same password for as many accounts as possible so that they don’t have to remember many passwords. In such cases, if one account is hacked/breached, all accounts become vulnerable.

Of late a number of password management solutions have come up. A password manager is software that helps users manage their user IDs and passwords for various accounts. Most password managers, though, are glorified form fillers. They manage your accounts in a separate application that works with browsers and fills in the login/password automatically or on demand. Portability of the accounts can be an issue as well. Some work with cloud technology and store passwords in the cloud, which exposes them to potential security breaches as well. Although the password managers make password management easier, they still do not enhance the security of online accounts.

STRONG AUTHENTICATION

Multi-factor authentication requires the use of two or more of the following three authentication factors:

  • Something you know (examples: password, PIN, pattern, gesture)
  • Something you have (examples: smart card, mobile phone)
  • Something you are (examples: biometric characteristics such as fingerprint, voice match, face match).

To mitigate the risk of ever-increasing thefts and breaches, the corporate world has adopted strong authentication and almost all enterprises use some form of multi-factor authentication. These mechanisms are inherently more secure but are prone to high Total Cost of Ownership, and their use is limited to enterprises.

Despite many attempts to bring strong authentication to the mass market, it has failed to capture the imagination of the users. Companies like Google, Yahoo and Facebook have introduced soft tokens and SMS-based OTP delivery mechanisms, but these techniques are vulnerable to man-in-the-middle and man-in-the-browser attacks as well as having more complex usage models, thereby slowing down the adoption rate. Due to a more complex use model, for now, the use of MFA is restricted to password resets and periodic verification only.

The biggest stumbling block for mass adoption of multi factor authentication in consumer space is the ease of use and most sites today continue to rely on simple password based authentication.

CONCLUSION

For any authentication solution to be accepted by the masses it must be easy to use as well as easy to deploy, howsoever strong and secure it may be. In addition the solution should be flexible enough to work with multiple online services in a seamless manner without a forklift upgrade or major rework on each of the online services. If any solution increases the complexity of the user experience, it will not get wide enough adoption for it to be economically viable.

The increasing complexity, maturity and sophistication of attack tools and methods available to the hacker, as well as the growing adoption of cloud services, necessitate the use of strong authentication as the mechanism for user authentication in the consumer space. The time is now.

This article appeared in print and online versions of September 2013 issue of Silicon India