FAQs
What is GrIDsure?
GrIDsure is a simple to use but very secure method by which someone can prove their identity or say "It's me!" to other people over the web, or machines such as computers, ATMs, tills etc. - without additional hardware (e.g. "code-generators" such as tokens or "CAP" sleeve readers).
How does it work?
A full explanation is provided here.
Can any age group use GrIDsure?
Yes it is, one of our customers is using GrIDsure as a login to a social networking site aimed at the over 50’s. Part of its research involved testing its ease of use with elderly people in a care home. They found that all the subjects in the test grasped the concept very quickly. top
Can it replace all passwords and PINs?
It certainly has the potential to do so. A GrIDsure "secret" can be used wherever a conventional user code or password would normally be employed for logging in etc., on ANY system or device (as long as a GrIDsure grid can be shown). It takes up no more space, character-for-character, than a "conventional" password on an authentication database, and it is extremely easy to implement. For these reasons, we believe GrIDsure is the future for a great deal of human-machine interaction, where the user has to prove his/her ID, authorisation or consent. top
How strong is GrIDsure, compared to passwords and PINs?
Independent experts have shown that a four digit GrIDsure PIN is significantly more secure than a standard PIN and like-for-like more secure than a standard password. top
Why a pattern rather than numbers or passwords?
Another strength GrIDsure has is that it's much easier for the human brain to remember graphical shapes, instead of a "cold" string of numbers or letters. The drive toward longer and more complex passwords over the past few years has become counter-productive as people simply cannot remember them and so they tend to get written down on scraps of paper and left put where others might find them.
Shapes are easy to remember so there is no need to write them down. top
What about the mathematical strength?
Many experts have looked at GrIDsure and all who've done so agree it greatly "raises the bar" against fraudsters. Based upon a number of models compiled by a Cambridge Professor of Mathematics, GrIDsure is thought to be about 100 times more secure than a traditional PIN.
It is possible to increase the size of the grid or the length of the Personal Idenification Pattern (PIP) and achieve much higher levels of security without any real increase in workload for the user.top
Can a fraudster work out my PIP if he sees me inputting a code?
Depending upon how GrIDsure is deployed the chances of someone working out your PIP range from “extremely difficult” to “virtually impossible”. If the grid is displayed on the same device as the keyboard then it would require the fraudster to observe the grid AND the numbers being typed at the same time, he would then need to see several entire transactions and then require a good amount of analysis. Compare that to a standard PIN or password, if that’s observed just once then the security is breached. One of the main difficulties for a fraudster is that the numbers are repeated more than once on the grid and so observing the numbers being typed in does not give away the pattern.
But there are other factors to remember here.
1. GrIDsure is NEVER EVER implemented on touch screens, so someone won't work out your PIP from cells being pressed on screen
2. GrIDsure can be deployed in such a way that the device displaying the grid is separate from the one on which the PIN is entered, for example you could use a disconnected mobile phone to generate a grid which you can then use to generate a passcode for a web transaction. In this situation someone eavesdropping your internet connection will only see the one-time PIN being typed in so he has no chance of working out your PIP. top
What happens if my GrIDsure secret is compromised?
In the unlikely event this happens, you'd just be asked to re-register your PIP - exactly as you'd set up a new password if your old one is compromised. top
How can I register my PIP securely?
There are several ways to do this, some examples include
- For a banking or credit card application you could do this over the counter at a bank, at an ATM or your bank could send you a new one in the post.
- Online via a secure connection
- Each GrIDsure product will have its own methods for registering the PIP which will be clearly explained top
Will GrIDsure help fight software threats like spyware, key-logging, screen-scraping and Man-In-the-Middle attacks?
GrIDsure can be used as an ‘ingredient’ in a wider security strategy to make life much more difficult for the fraudster and significantly reduce the threat.
There are a number of different ways in which GrIDsure can be implemented depending on the threat level. There are GrIDsure products which will the above issues.
For example, if you needed to login on an "insecure" computer. A GrIDsure application on a mobile phone could act as a high-security code generator. Key-logging/screen-scraping wouldn't help the fraudster one bit. Your phone would become a kind of "super token" as even if a thief stole it, he couldn't read the code. Because only you know the PIP, only you can read the code!
For man-in-the middle attacks, we do have a variety of methods using ‘out-of-band’ techniques which will thwart such attacks. top
Can I use one GrIDsure secret or PIP for several credit cards or accounts?
Yes you can. We believe its high security nature means GrIDsure is safe to use with multiple card accounts, or anything else within reason. At the end of the day, GrIDsure is a tool designed to protect your personal assets, and how you use it is entirely up to you. Use it well, and it'll serve you well. But like any security system it can be mis-used, or its security lowered by unthinking actions. top
Can GrIDsure be used for mobile phone-based applications?
A GrIDsure code is an ideal way for a phone user to authenticate himself for example with M-banking applications. GrIDsure technology can be used to replace PINs on mobile phones. top
How does GrIDsure fit alongside other systems like token code generators, or biometrics?
As it's a new "weapon" in the fight against ID theft and online fraud, GrIDsure fits well alongside anything, including biometrics by creating an additional security layer or "factor". top
We have a large organisation with employees logging in currently using tokens. How can GrIDsure help?
GrIDsure have a number of solutions for the corporate market, whether for a PC login replacement, remote VPN login or access to any other IT resource. top
I am disabled, how can GrIDsure help me?
In developing GrIDsure we have been very conscious of the needs of disabled people.
One of the key features of the technology is that the PIN numbers that it generates are one-time, in other words you can safely tell someone a GrIDsure code knowing that they will not be able to use that same PIN again.
Using a Point of Sale scenario as an example, if you had difficulties with using a keypad you could pay for goods at a checkout with a credit card and rather than type a PIN in yourself you could read off your one-time GrIDsure code and ask a friend, carer, or even a shop assistant to type them in for you.
In discussions with the Royal National Institute for Blind People and other organisations, it has been found that we believe that with the aid of a text-to-speech device it would be possible for many blind people to select their one-time GrIDsure PIN from a set of numbers spoken to them.
In the UK alone there are about 500,000 people who are largely housebound. GrIDsure’s simple and secure process for authenticating web login or making web payments would offer greater security for this important sector of society. top
How else can GrIDsure be used?
The possible uses for GrIDsure are endless, just think of all the places where you need to use a PIN or a password. We see GrIDsure being ideal for almost any area in which people have to prove their identity, or authorisation or consent. It's ideal obviously for things like secure web access for banking etc., extending into making credit/debit cards safer to use, e-commerce etc., - but also anywhere combination locks are used now (safes, premises, doors). Ultimately we envisage GrIDsure making Chip and PIN more secure wherever it's deployed. In fact we can imagine GrIDsure enabling "Chip and PIN over the web". top
Is GrIDsure suitable for children to use?
We have worked closely with the education sector and have developed a number of solutions for schools including a Microsoft Windows login replacement using GrIDsure.
In our own trials conducted at a school we found that the students grasped the concept quickly and easily and many commented on how much more secure they felt in using GrIDsure compared to a standard password.
Children as young as 6 or 7 have found GrIDsure easy and ‘fun’ to use. Furthermore since the GrIDsure secret or ‘PIP’ does not involve any disclosure of any personal information or biometric data it gives parents the reassurance that their child’s personal ID is protected. top
