divider

PassWindow News

PassWindow has been nominated as one of the twelve finalists for the 2010 Asian Innovation Awards! Presented by the Wall Street Journal in partnership with Credit Suisse, the Asian Innovation Awards are committed to finding the next big ideas in Asia.

One finalist will be highlighted each week for the next twelve weeks, and the winners will be announced in November. Stay tuned!

Simple and secure online authentication

PassWindow is the most cost effective, secure, and easy-to-implement authentication solution on the market today.

PassWindow is:

  • An incredibly simple, yet also extremely secure dynamic password solution
  • Free from client hardware or software, requires no batteries and cannot malfunction
  • Able to securely authenticate the client to the server AND the server to the client
  • Able to transmit transaction information securely to the user through the visual challenge
  • Secure against trojans, viruses, phishing, keyloggers, social engineering, and MITM attacks

PassWindow has been evaluated in an independent whitepaper.

How does it work?

  • PassWindow is a unique key pattern printed on a transparent section of a standard identity card.
  • Users simply hold their card over a generated pattern image on any display to reveal a new series of digits – a single-use password.
  • Users enter this new unique password to authenticate securely.
  • Unusual monitor sizes are easily handled with a simple adjustment of the challenge image which is then saved to a cookie or user database. Try it yourself!

Potential applications

PassWindow can be used whenever strong, cost effective, and secure authentication is required:

  • Online banking; online cloud-computing services; online shopping
  • User logins; online membership
  • Document authentication
  • Product packaging for customer authentication
  • Payment cards, identity cards, medicare cards, company cards, club cards, gift cards, prize cards, political voting cards...

Security benefits

PassWindow on mobile phone
Works easily on any display
  • Flexible dynamic passwords, secure against keylogger, dictionary, and over-the-shoulder attacks
  • No password memorization needed by the user
  • Simple to integrate with any online membership system
  • Usable on ubiquitous Internet connected displays, PCs, laptop, mobiles etc. – no remote hardware or specialized software required. Works on any operating system and all local browsers
  • In case of a natural emergency, PassWindow can continue to operate without Internet, communications, or even electricity. Users simply authenticate off printed challenge patterns using their same card keys.
  • Incredibly flexible security and usability – there are a myriad of possible implementation styles to suite your security needs.
  • Scalability of password strength on the fly by simply modifying the screen challenge complexity without needing to reissue a user key. Unlike other authentication methods, this leaves a potential attacker with no clear target point.
  • Highly resistant to social engineering attacks – the visual aspect to the key pattern makes it difficult or impossible for users to compromise the key pattern to an attacker online or over a telephone in comparison to token PINs, printed or memorized passwords.
  • Phishing deterrent: Regain email communication with your customers by including a PassWindow pattern image that will authenticate the email message specifically for that customer. Phishing attackers are unable to generate these legitimate challenge patterns.
  • More secure than electronic tokens, able to embed specific transaction types and values into challenge images alerting users to a man-in-the-middle attack.
  • Eliminate dangerous USB ports from your secure business environment, USB ports are increasingly used as a network attack vector as well as enabling information theft.
  • No need to redirect the user away from your website for third-party verification – PassWindow challenge patterns are delivered directly from your own secure web server.
  • Easily works alongside existing ID card technologies, such as RFID, smartcards, and magnetic strips.
  • Limited viewable angle of the code protects against third party visual observation.
  • A tinted or transreflective optical coating over the pattern obscures discrete third-party photography of the key pattern.
  • Excellent fallback protection for security questions, which are currently the weakest security link in many authentication systems.
  • Extremely cheap dynamic password system – standard PVC ID cards with transparent sections can cost less than a few cents per user. Integration costs into existing card based systems are practically zero.
  • Cheap and simple to deploy or replace remote user keys in person, through regular mail or electronically using a print and stick system. User cards can be delivered by regular envelope for a fraction of the cost of delivering a bulky device package. Unlike the case with OTP hardware tokens or biometrics, it is cheap and simple to replace the user's lost or compromised key.
  • Extremely durable, no flexing problems with internal electronics, waterproof and pressure proof.
  • Unlimited working life – lifespan is not limited to battery life.
  • No expensive dedicated electronic hardware tokens required and protection against the myriad of associated electronic vulnerabilities
  • Service providers can easily manufacture their own highly secure user authentication tokens in house. Ordinary printing technology enables providers the ability to keep the entire supply chain within their own security network without relying on 3rd party manufacturers.
  • The user's thin card is easily kept safely within a regular wallet or purse along with their regular identification cards – a far more difficult target for casual interception than if it were loose or dangling on a keychain in public view
  • Unlike SMS-based authentication, your codes are delivered securely over SSL directly to your client, not over unreliable third party telecommunications networks
  • With most software and hardware authentication systems being beyond the understanding of the average user, authentication acceptance and online trust levels are low – PassWindow provides a security mechanism that even children can easily understand.
  • Learn more about PassWindow's security features...
divider