A revolutionary new system designed to keep hackers out of Britain’s burgeoning cloud-computing sector is being offered free of charge to UK registered charities, in a trend-setting move worth £millions to the Third Sector.
The creators of pin+, designed to replace all passwords, PINs and hardware tokens, hope to spark a new trend by socially responsible companies wishing to kick-start widespread use of new technologies.
Millions of user licences are on offer which would for the first time allow the UK’s 13m+ charity volunteers to log in securely to their organisations’ networks, and could in addition enable stronger “two factor” authentication to be offered to all 608,000* charity staff in the UK.
“On paper the provision of two-factor authentication to that many staff would normally cost anywhere from three to thirty million pounds a year, and if someone were then to charge ‘market’ rates to give 13.2m volunteers secure login facilities, it would be off the clock cost-wise – but we’re extremely happy to gift this to the Third Sector and to see this revolutionary technology helping to protect Britain’s charities,” said Jonathan Craymer of pin+.
“There’s no hidden agenda in doing this. We’re not going to suddenly start charging later. We just want the charity sector to benefit. Our job at this point is to get this ‘out there’ as quickly as possible and offering it to the charity sector at no cost creates a terrific win-win.
"pin+ is a successor to out-dated fixed pass-codes, which have been rendered useless by hackers. We hope organisations struggling to protect their precious data with fixed passwords will find this a God-send.
“As it’s entirely software based, pin+ will allow millions of staff, donors, supporters or even customers to log in securely. Hardware-based systems cost too much to cope with these kinds of numbers and could never be this scalable. When we do start selling this to commercial organisations, pin+ licences will cost just pence per user per year for substantial numbers."
One of the reasons it’s so economical is that pin+ works on whatever device the user is on at the time – PC, laptop, tablet, phone, (and eventually it’s hoped tills and ATMs) – without additional hardware, just using a small matrix of squares in a standard interface. Random numbers appear in each square and if users have pre-chosen six of them (perhaps using a pattern or shape as an aide memoire) they’ll be able to read off new codes each time – in other words fresh combinations of numbers appear in ‘their’ squares - for each login.
“The concept of having a ‘secret’ set of cells in what appears to be a jumble of characters is not new and goes back to Roman times,” explained Steve Hope of pin+ technology partner Winfrasoft.
“That’s just the bit on the surface that people see. However under the hood there’s a lot more going on. Patent-pending pin+ is almost totally about creating strings of numbers in a secure and consistent way. This is a true one-time code system – codes can’t be used again even a fraction of a second later – and we’ve introduced a number of enhancements such as the ability to insert a static PIN into users’ 6-digit codes.”
pin+ creates a true ‘anytime, anywhere’ website or portal login experience without the need for additional hardware - with the matrix being sent to the user’s screen – or it can be deployed as part of an even stronger two-factor ((2FA)) solution using a soft token on the user’s mobile or the computer desktop (so the computer becomes [or rather contains] the token!).
It can also be used in ‘2.5 factor’ mode, where information from the device is stored on the server, and a unique seed is created for the soft token, locking in each device as part of the login process.
“pin+ will answer all kinds of authentication problems, such as giving customers assurance that enquiries from call centres are genuine,” added Craymer.
“In our humble opinion this completes the development of the Web, which was never intended for things like e-commerce. Doing so many things online or on the phone these days means we no longer know who we’re dealing with. pin+ will help to redress the balance.
“Charities and voluntary organisations have a huge need now banks and other financial institutions have tightened up security, making some charities tasty-looking big targets for criminals. Many hold millions of supporters’ card details, but paradoxically often use older equipment with less-good protection.”
pin+ is offering unlimited numbers of user licences at no cost to UK registered charities without time limit. Only those costs incurred in setting up the system – which thanks to a comprehensive Software Development Kit should be quick and simple - will need to be covered (including items such as bespoke coding, support, appliances etc.) (Note: in many cases organisations’ existing servers running MS Active Directory can be used – the pin+ SDK contains a version of AD with pin+ embedded.)