About Piyush Bhatnagar

Piyush Bhatnagar is the Founder and CTO of Authomate Inc., an early-stage security startup. He is a seasoned technology executive, entrepreneur and consultant with over 20 years of experience in technology development and management at companies like AT&T and Bank of America.

How To Prevent Cyber Security Risks In Your Business

Government, private industry and individuals all face a growing threat from cyber attacks. The attacks can come from foreign security services, terrorists, criminal groups or individual hackers. Successful cyber attacks can steal government and private information, cause damage to our computer systems, create disruptions, deny service and shut down our power grids nationwide. In recognition of the growing threat, government and private industry are both working towards a better defense of our vital computer systems. According to the Department of Homeland Security (DHS), the 24-hour, DHS-led coordinated watch and warning center is working diligently with industry leaders to improve national efforts to address threats and incidents affecting the nation’s critical information technology and cyber infrastructure. But what can you do locally to protect your business?

  • Be aware online. Do not open unsolicited e-mails or visit links you’re unsure of.
  • Keep Web browsers and operating systems up to date.
  • Encrypt your important files before backing up to cloud storage facilities (like Dropbox), CDs, thumb drives or external hard drives at least once a month.
  • Use security software tools as your first line of defense. Many companies specialize in cyber security software, and this is something which should be a standard part of your IT budget.
  • Learn what to do if something goes wrong. Even if you are careful, your computer could be compromised, so make sure you know who to contact if you’re concerned or something happens.

The important thing is to be aware that anytime any day, people may be trying to compromise your networks and data, so be aware and take steps to prevent access at every opportunity.

Authomate Inc. Announces New CEO and Expansion of the Executive Team

Authomate Inc. is pleased to announce Jeff Schmidt as the company’s new President and Chief Executive Officer and John Lloyd as the new Chief Sales and Marketing Officer, effective January 16, 2015. Authomate’s expansion of its executive management team is a strategic move to strengthen and support the company through its next stages of hyper-growth.

Piyush Bhatnagar, the founding CEO of Authomate Inc., will continue as a member of the executive team, in the new role of Chief Technology Officer and Senior Vice President of Engineering. In this new role, Piyush will be leading innovation at Authomate, developing the short/long term product vision and the execution of product development/delivery. “As Authomate starts a new phase, Jeff and John bring the expertise needed to help take the company to the next level. I am extremely pleased to have them as part of our executive team,” said Piyush. “They share the Authomate vision and commitment to bring rigorous authentication to every aspect of every day life.”

As the President and CEO of Authomate, and President of the Authomate board, Jeff Schmidt is responsible for establishing the vision of the company, as well as developing and executing the growth strategy to drive employee, client, and shareholder value. Before joining Authomate, Jeff was the Chief Operating Officer of SQS North America. He has been at the center of innovative technology leadership throughout his career and has a passion for security solutions. In his work at British Telecom (BT), he led the development of “visual analytics” for intrusion detection, and the early adoption of managed cloud-based security solutions, aimed at enabling enterprises in the 21st century for the mobile and cloud-connected enterprise.

“I am extremely excited to be joining the Authomate team. The fundamental capabilities of Authomate are, at their core, game changing.” Jeff also notes, “Authomate is enhancing the user experience through simplified access, while also providing greater assurance that what is most critical to the user is secure.”

John Lloyd, as the new Chief Sales and Marketing Officer, is responsible for all revenue generation, market development, client and partner relationship management that will drive the company’s near and long-term growth strategies. John’s responsibilities extend to being a member of the company’s board of directors, with oversight of the company’s formation and funding, and an advisor to the product development team. He has held various executive sales and operational management roles, most recently spearheading global sales at Zero Motorcycles, where launching new technologies and services into new and emerging markets was critical to the company’s success. His extensive experience, including multiple industries and international markets, will serve Authomate well in initiating and sustaining growth.

“This is a great opportunity to help launch a new company that will make a significant impact to how people and companies secure their access to their many web sites and digital media on a daily basis,” said John Lloyd. “The core team we have assembled is well grounded, complementary to one another, and driven to bring Authomate’s solutions to the world market. Our business experience and alignment ensures that we will deliver the strongest authentication solutions possible while reducing all of the complexity.”

Authomate Inc. is a New Jersey based startup, led by a seasoned team with many years of experience in building and delivering world-class network security products and solutions. Authomate’s authentication platform provides true multi-factor security, delivering protection and convenience to consumers and more secure transaction capabilities for companies.

For more information, please visit our web site at http://www.authomate.com, or follow us on Facebook at https://www.facebook.com/AuthomateInc

Authomate Inc Announces Closing of Pre-Angel Round

Authomate Inc is pleased to announce that it has closed a sizable pre-angel funding round in the first week of January 2015. “Ever since the core patent was assigned to Authomate in June/July 2014, there has been substantial increase in investor interest in Authomate and its potential. We spent the second half of 2014, trying to find the right set of advisors and pre-angel investors that will help Authomate and the team to grow. Today I am thrilled that we have secured a sizable pre-angel round and have put the right foot forward to make 2015 a stellar year for Authomate,” said Piyush Bhatnagar, Founder and CEO of Authomate Inc.

Authomate exists to simplify security and bring strong authentication to every aspect of your life without any added complexity. Your on-line safety is at the heart and passion of what we do.

Established in 2012 and based in New Jersey, we have a driving goal of providing secure access to what matters most to you, and a passion to defeat the notion that security breaches have become inevitable. Built by a team with decades of security, infrastructure, defense and intelligence experience, we have collaborated to create a foundational and game changing patented authentication technology.

More exciting news coming soon.
Follow us at www.authomate.com or https://www.facebook.com/AutHomateInc

A Password Guide: Tips to Create a Strong Password

It’s no longer a question of if you will face an online attack, the question is when? Many people are convinced their data is secure as they are using what they consider to be a complex password. They are often mistaken.

There are now freely available password crackers that can tackle passwords up to 55 characters long, passwords that are far more complex than most of us are using. Here are some top tips on how to create a strong password and avoid getting hacked.

  1. Password length – stick to passwords that are at least 8 characters in length. The longer the password, the longer it will take a hacker to guess.
  2. Password complexity – ensure your password contains one lower case letter, one upper case letter, one number and one special character. This will make your password a lot stronger and harder to crack. Avoid using names of family, friends or pets. Don’t use personal information such as date of birth, phone number, street name or house number and do not use consecutive letters, numbers, or keys on the keyboard such as ‘qwerty’.
  3. Use a passphrase – in order to remember your passwords, use a passphrase. For example, use the first letter of each word in a line of your favourite song. ‘Always look on the bright side of life’ could be converted to ’Al0tbs0L!’, a strong password using the four complexity indicators. Don’t simply use number substitutions for letters, e.g. ‘passw0rd’; this is far too simple for an advanced hacker.
  4. Use a password manager – many people avoid using complex passwords as they are often hard to remember. Using a reliable password management tool to store passwords is essential. When you create a password, enter it into the password manager which will encrypt it and store it for you. Many of these software programmes are free, easy to use and work on both Windows and Mac.
  5. Create unique passwords – it’s very tempting to use one password for your email accounts, another for your banking, and one for all of your social media accounts. A study by BitDefender shows that 75% of people use the same password for their email as they use for their social media accounts. If this password was discovered and it was also used for their online banking or Paypal account this could result in financial theft.
  6. Change your password for all accounts every six months – the longer your password has remained the same, the more time a hacker has had to crack it. It is recommended to change your passwords often, at least twice a year but the more often the better.
  7. Never write down your passwords (except in a password management tool of course) – this includes both paper and emails. Writing down your strong password is almost as bad as having a weak password and not writing it down at all.
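The length, complexity and substitution rules in the list above can be checked mechanically. The following Python is an added example, not code from Authomate or Strong Pass; the function names, the short common-password list (constructed here) and the substitution table are assumptions made for illustration.

```python
import re

# Constructed sample of widely used passwords. A real deployment would
# load a much larger breached-password list.
COMMON = {"password", "123456", "iloveyou", "letmein", "qwerty"}

# Keyboard rows and alphabet/digit runs used to spot consecutive keys.
SEQUENCES = ("qwertyuiop", "asdfghjkl", "zxcvbnm",
             "abcdefghijklmnopqrstuvwxyz", "0123456789")

# Undo the usual number-for-letter swaps so 'passw0rd' is seen as 'password'.
LEET = str.maketrans("01345$@7", "oieasast")


def has_run(pw, min_len=4):
    """True if pw contains min_len consecutive keys, forwards or backwards."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - min_len + 1):
                if s[i:i + min_len] in low:
                    return True
    return False


def check_password(pw, personal=()):
    """Return a list of rule violations; an empty list means pw passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    classes = {
        "lower case letter": r"[a-z]",
        "upper case letter": r"[A-Z]",
        "number": r"[0-9]",
        "special character": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, pw):
            problems.append("no " + name)
    if has_run(pw):
        problems.append("consecutive letters, numbers or keys")
    # Compare against the common list after reversing substitutions and
    # stripping everything that is not a letter.
    core = re.sub(r"[^a-z]", "", pw.lower().translate(LEET))
    if pw.lower() in COMMON or core in COMMON:
        problems.append("common password or simple substitution of one")
    # 'personal' holds names, dates or numbers tied to the user (assumed input).
    for item in personal:
        if item and item.lower() in pw.lower():
            problems.append("contains personal information")
            break
    return problems


if __name__ == "__main__":
    for candidate in ("passw0rd", "Qwerty123!", "Al0tbs0L!"):
        print(candidate, "->", check_password(candidate) or "passes")
```

A check like this only enforces composition rules; it says nothing about whether the same password is reused across accounts, which the list treats separately.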

To be extra secure, download Strong Pass now

Authomate Inc Announces Patent For New Authentication System That Will Simplify Security And Bring Authentication To Every Day Life

Authomate Inc is pleased to announce that it has recently been issued US Patent No. 8,763,097 entitled “System, design and process for strong authentication using bidirectional OTP and out-of-band multichannel authentication”. The patent issued by the United States Patent and Trademark Office has 25 claims providing a new out-of-band multi-factor authentication system with a very wide array of applications.

This patent is at the heart of Authomate StrongPass which is the easiest to use, user login/password management service. “With a radically different approach to authentication, this solution is a unique blend of strong security and ease of use. The authentication is performed using the mobile phone network with no need for the user to remember any passwords,” said Piyush Bhatnagar, Founder and CEO of Authomate Inc. “Your personal data is safe when you use Authomate. It is strongly encrypted and stored on your smart phone. No one else can access your data, even if you lose your phone.” “The Authomate Servers never see your personal data,” he added.

Authomate INC, based in New Jersey, is built by a team with decades of security, infrastructure, defense and intelligence experience who have collaborated to create this patented authentication technology. Authomate is building an authentication platform to provide true multi-factor security and convenience to consumers and secure transaction capabilities for companies.

5 Most Common Password Mistakes of 2013

Unfortunately in this day and age, password theft is a major issue for many Internet users. All aspects of our virtual lives are guarded by the passwords we choose, from our online bank accounts to our email logins. In a bid to make our experience with logging-in to these various sites as easy as possible, many of us use easily memorable, weak and common passwords.

If you identify as one of these people, you are providing hackers with easy access to your private life and secure information. Let’s have a look at 5 of the most common password mistakes of 2013.

1. “Password”

If you have ignored all warning signs for the last fifteen years, and your password still remains as this, it is perhaps the equivalent of leaving your computer outside in the street and simply inviting passers-by to empty your bank account. A security breach of RockYou in 2009 (they settled with the FTC in 2012) revealed that 61,958 users were using “password”. Don’t be lazy. It might be easy to remember but it is a far cry from fool proof.

2. Strings of consecutive numbers or letters 

The RockYou security breach revealed that 290,731 users were putting the cunning “123456” password into use. Ultimately, a cat could walk across your laptop keyboard and inadvertently gain access to your accounts.

3. ILoveYou

Many people continue to put themselves at risk by using this weak, loving, but weak password. Your computer is not capable of emotion. If this is your password, change it!

4. LetMeIn

A reported 3 million people in 2013 fell short of creating a password too difficult for a seven year old to guess on their first attempt. Really. Hackers are aware of the most commonly chosen passwords and are quick to test when trying to break into your accounts.

5. Sex 

Using a sexual term as a password (I’m not here to judge) unfortunately enters you into a very large group. With over 3 million people reportedly using variations of the term ‘sex’, you can easily be hacked. Don’t run the risk. Put some thought into your password, add symbols and capitalise certain letters to keep those pesky hackers at bay.

Don’t make things simple for hackers. Identity theft is expensive, so don’t run the risk of being the next victim.

Keep yourself secure online: download Strong Pass now

How NOT to manage a security breach crisis

We’re often given the opportunity to learn about crisis management through the highly visible fallout from the experiences of others. Important lessons can be learned when looking at how a company successfully, or unsuccessfully, responds to a hard-hitting crisis. Everyone makes mistakes and learning from others makes us better prepared to manage a similar scenario ourselves.

Adobe hack

Adobe’s database of over 150 million users was hacked in October 2013, resulting in email addresses, passwords and credit card information being stolen. The identity thieves know which programs specific users have, making it even easier to engage in phishing to get people to download malware disguised as updates. The situation illustrates the growing problem with identity theft and how ordinary people are often the real targets of hackers who target big companies. What is more shocking is the way Adobe reacted.

How did they react?

Adobe first reported the data breach as affecting approximately 3 million customers; however, this number was then raised to 38 million. The situation then took a turn for the worse when an outside company found the data of 152 million Adobe customers on a site frequented by cyber-criminals.

While Adobe may have needed privacy and secrecy with a breach of this size, responses through snail mail and email were slow. Emails sent to customers warned that data might, or might not, have been compromised and many customers received no communication at all. Even now, three months later, there is no notice of the incident on any of Adobe’s login pages.

Shocking statements emerged such as “Much of what we’re learning about the breach has come from independent researchers not affiliated with Adobe.”

It’s possible that Adobe has limited knowledge about what happened, but the silence after this attack was somewhat shocking to many users and should have been handled with more care by Adobe.

Successful Crisis Management: The Evernote Hack

As data theft is on the rise it must be assumed that sooner or later, if you have data someone wants, your systems WILL most likely be compromised. It is important to put up strong defenses but it is even more critical you have a crisis management plan when things go wrong.

With social media comes a whole new set of rules for your organization’s crisis communications and crisis management. We’re often given opportunities to learn about social media crisis management through the highly visible fallout from the experiences of others. How a company takes action and manages a hard-hitting crisis often gives customers a more honest insight at how they are run than any meticulously crafted press release could.

Evernote Crisis Management

Evernote, the online note taking service, suffered a serious security breach in March 2013 involving the theft of usernames, email addresses and encrypted passwords of up to 50 million users. Luckily, no payment details were stolen, and according to the company the hackers were not able to access notes that users had stored on the Evernote service. So, how did they manage the crisis and what lessons can be learned?

What went well? Open Communication 

Almost immediately, Evernote communicated with their users on Twitter, through a blog post and an email stating that their security team had “discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service.” They also suggested all users reset their Evernote account passwords.

They advised users to choose a strong password and to be suspicious of reset password links sent to users via email. They also advised users to ensure that they did not use the same password on multiple sites. Within 24 hours they had updated (at least their Apple iOS app) to focus everyone on resetting their password.

Attentive Evernote reps responded to irate users on their site and carefully explained what was happening throughout the process. Some users praised the company for their transparency and timely communications and voiced their support. However, many complained they didn’t receive the notification email because they no longer had access to the email account they used to sign-up with the service.

Lessons Learned: What could have been handled better?

Although there was a blog post on the Evernote website, nothing was actually posted on the Evernote homepage. There was also an evident lack of post-hack communication.

A week after the event, there had been no blog update or further emails about what had happened, what they had subsequently done to improve security, or any attempt to defuse the on-going comments. Initially many users asked about implementing two-factor authentication, used by Google to provide extra security for its users. However there was no immediate response. Evernote should have answered any FAQs and taken the opportunity to welcome feedback from users, making their crisis communications a two way process, which is often the best way to learn and adapt.

Do you have a crisis management plan in place? If the answer is NO, it is about time you put one in place!

How two-step verification is the way forward

Two-step verification, or two-factor authentication, is the technical term for requiring something you know and something you have when trying to log into an online account.

Take for example bank ATM machines, with a seemingly easy security system based around remembering a four-digit number. The system hardly sounds like Fort Knox; however, think about it: one cannot gain access to the account simply by using the correct PIN code, they must present a physical card as well. Before access is granted to online logins, websites should take note from the ATM system and ask for two separate forms of verification.

The question is, after the password is supplied, what should the second form of identification be? This could be a code that arrives in a text message to your mobile phone, as it would be difficult for a thief to acquire both your password and your mobile telephone at the same time. If this system, which uses passwords and smartphones in conjunction, were to be used on all limited-access websites then users would be able to use shorter and less complex passwords. Jackpot! No more 12-character upper, lower, symbols and hyphenated passwords would be necessary.

In Nick Berry’s analyses of large databases of hacked passwords to various websites, it was revealed that 3.4 million people use a password that is made up of nothing but 4 digits. Using a PIN code comprised of your birthdate, as a bank user, does not put your account in jeopardy.  The thief would have to guess the PIN code correctly within the first few tries before the system kicks into action and blocks the account. Online however, it is more of a risky business. Using a four-digit password, without a second form of verification, is just about the worst conceivable password out there.

Jeff Atwood, software developer and Co-founder of Stack Overflow, has acknowledged the suggested laborious nature of two-step verification. In a blog, he writes, “Is inconvenient in the same way that bank vaults and door locks are. The upside is that once you enable this, your e-mail becomes extremely secure.” Atwood suggests that ATM designers were onto something, a sense of legitimate security does not derive from a long and complex master password, it derives from two-step verification.

Be even more secure. Download Strong Pass now

How to remain digitally safe while travelling

With an abundance of digital accessories, tablets and smartphones at our fingertips, traveling the globe has never been as easy. Whether it be navigating your way around uncharted territory or staying in touch with loved ones at home, digital devices can relieve some of the burdens that travelling creates.

However, according to a by F-Secure, certain areas of technology require a little more attention to ensure your safety when you hit the road.


While it may be costly, you must always rely upon your mobile network’s data plan while accessing your bank account on your travels. Using public computers and Wi-Fi can be risky and invite eavesdroppers and hackers where they’re not wanted. Banks may use secure connections, but why take the risk? If somebody gains access to your password, your travels could end up being a lot more costly than you had planned.

Public Wi-Fi and Internet cafes. 

As we travel, most of us are drawn into using free Wi-Fi spots to stay in touch with friends and family. However, be aware of the associated risks. Because of the fact these hotspots are public, someone could be spying on your online activity with the help of readily available spyware. Whilst the illusion of privacy is created through the use of your personal device, the fact remains that it is public. Internet cafes and Wi-Fi hotspots are recommended for browsing matter that does not pose any privacy risks, such as browsing the news.

Keeping your data safe. 

Maintain a backup at all times, especially before you set sail on your jollies. The data on your phone is potentially more valuable than the device itself therefore you could use a content synchronization device that allows you to share photos with family and friends while you are away, without needing to use large storage devices. You might also want to check out cloud storage, and share your content with anybody you like.