Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

1/28/2015
12:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

New Patent Eliminates Passwords

Patented technology from TextPower verifies your identity while simplifying website logins; introduces SnapID(TM) that replaces usernames and passwords

SAN JUAN CAPISTRANO, CA., January 28, 2015 – Today on National Data Privacy Day, TextPower announces that the company has been granted an important patent for a “text messaging authentication system” that is the basis for the company’s TextKey™ platform. Websites using the TextKey™ platform will offer their users higher security, easier logins and less hassle and save themselves from the most common cause of customer support calls – lost login IDs and passwords.  TextKey™ will significantly reduce enterprise or e-commerce website operating costs and inoculate them against the most common forms of hacking: social engineering, password theft, key loggers and phishing schemes. 

Unlike commonly available authentication systems TextKey™ users send a simple text message (SMS) from their cell phone to authenticate their identity. Through this one simple text message, multiple factors are authenticated using the patented technology forming a highly secure barrier to hacking.  The TextKey™ system also employs a secure connection, completely outside the browser environment, that eliminates man-in-the-middle attacks making it significantly more secure than any other SMS-based two factor authentication technologies.  Without physical possession of the authorized cell phone and knowing the user's personal PIN, identity thieves cannot login to an account using someone else's credentials. 

“What an appropriate day to receive a patent for our authentication technology and announce our one-step secure login product, SnapID™,” said Scott Goldman, CEO of TextPower. “SnapID™, a new product based on our patented TextKey™ platform, eliminates the need for both user IDs and passwords.  No more remembering, typing, managing or resetting passwords.  No more lists, sticky notes or password managers to handle the dozens of login credentials we all use everyday.  To login, users 'just text it'."

SnapID™ doesn’t just solve the password problem – it eliminates it and will fundamentally change the way people login to websites, use ATMs, buy pay-per-view movies, checkout at cash registers and any other process that requires identification and authentication.  Cell phones have already replaced address books, cameras, calculators, boarding passes, navigation systems, music players and even heart rate monitors.  By using them to send a simple text message they can now replace userIDs, passwords, authentication tokens, USB keys and the ubiquitous – and reviled – login box on every website.

A SnapID™-enabled website will have a “Login with SnapID™” button along with the traditional username and password fields. Visitors who have registered for a free SnapID™ account will simply click that button; a one-time password then appears on their computer screen. The visitor sends a plain text message with the one-time password from their registered cell phone (which doesn’t need to be a smart phone) and they are then logged in securely.  Logging in takes about as long as it takes to send a text message and is explained in this 2-minute video: https://vimeo.com/107771091
For more information on TextKey™, visit http://www.textkey.com. To register for SnapID™ and check out the demo, visit http://www.snapid.co or text “NoMorePasswords” to 81888. 

About TextPower, Inc.
TextPower, Inc. provides alerting and authentication solutions to a variety of industries worldwide using text messaging (SMS). The company's software and text messaging services help companies enhance their revenues, decrease costs and improve customer service. TextPower's patented authentication technology (Patent No. #8943561) replaces tokens or security fobs previously needed as a second factor of authentication to verify the identity of online users for password-protected applications. TextPower's mission-critical infrastructure employs geo-redundancy for the industry's highest reliability, providing delivery to virtually every cell phone in the United States and connections to most recognized wireless operators around the world. Visit http://www.TextPower.com, email [email protected] or call 888.818.1808 for more information.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ScottJGoldman
50%
50%
ScottJGoldman,
User Rank: Apprentice
1/29/2015 | 7:24:14 PM
Re: What's so bad about passwords?
FULL DISCLOSURE: I am the co-founder and CEOMof TextPower, the company mentioned in this article that developed the patented technology. To be clear, our system does use a cell phone to send text messages but there are also other aspects to the patent. The pertinent fact, though, is that the cell phone transmits a critical and unique piece of information about itself when it SENDS, but not when it receives, a text message. Passwords are yes, easily implemented, changeable, recoverable, etc. The problem is that they are also easily compromised, forgotten and guessed. Imagine that you had a personal keypad that could log you into any website. You'd never have to choose, remember, record, reset or type an ID or password ever again. You'd just type a few numbers on the keypad and hit "enter" and the magic behind the keypad would identify you and authenticate you all in one step, That's what SnapID does - your cell phone is that personal keypad and the patented technology is the magic.
HAnatomi
50%
50%
HAnatomi,
User Rank: Apprentice
1/28/2015 | 9:36:28 PM
We cannot live without the likes of passwords.
Some people shout that the password is dead or should be killed dead.  The password could be killed, however, only when there is an alternative to the password.  Something belonging to the password(PIN, passphrase, etc)and something dependent on the password (ID federations, 2/multi-factor, etc) cannot be the alternative to the password.  Neither can be something that has to be used together with the password (biometrics, auto-login, etc).

At the root of the password headache is the cognitive phenomena called "interference of memory", by which we cannot firmly remember more than 5 text passwords on average.  What worries us is not the password, but the textual password.  The textual memory is only a small part of what we remember.  We could think of making use of the larger part of our memory that is less subject to interference of memory.  More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts.
MrKlingon01
50%
50%
MrKlingon01,
User Rank: Apprentice
1/28/2015 | 1:40:22 PM
What's so bad about passwords?
Yes, I know - I deal with compromised accounts and passwords every day - but I don't see how someone gets a patent for a system that requires a user has a cellphone. Passwords are easily implemented, easily changed, revoked and can be shared when you need to delegate authorization - this isn't a bad thing. 
AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler,  9/10/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16319
PUBLISHED: 2019-09-15
In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.
CVE-2019-16320
PUBLISHED: 2019-09-15
Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers to obtain potentially sensitive information, such as a vessel's latitude and longitude, via the public SNMP community.
CVE-2019-16321
PUBLISHED: 2019-09-15
ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO.
CVE-2019-16317
PUBLISHED: 2019-09-14
In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerabi...
CVE-2019-16318
PUBLISHED: 2019-09-14
In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317.