- Download Now
Confident KillSwitch™ Gathers Actionable Data on Hacking Attempts in Progress, Enabling Businesses to Proactively Defend Against Brute-Force Attacks and Credential Harvesting
SAN DIEGO, CA, August 24, 2011– Confident Technologies, Inc., a provider of image-based authentication and verification solutions for websites and mobile applications, today introduced Confident KillSwitch™, an innovative authentication technology that can positively identify and proactively defend against brute force attacks on account logins, password reset processes, transaction verifications and other authentication requests, collecting actionable data the business can use to halt attempts to compromise web and mobile accounts in real-time.
The use of brute force attacks and the exploitation of easily guessable passwords were responsible for more than half of the major data breaches in 2010.[i] Furthermore, research conducted at Cambridge University revealed that more than 84 percent of top websites including Amazon, eBay and WordPress, do not limit the number of failed login attempts – leaving the sites wide open to brute-force attacks and the guessing or harvesting of usernames and passwords. Confident KillSwitch allows businesses to identify and stop such attacks in the act, whether it’s a brute-force attempt to compromise a single account or a wide-scale attack across multiple accounts on the site.
How Confident KillSwitch Works
When a user first registers with a website, mobile application or other online service using Confident Technologies’ image-based authentication, they choose a few secret categories of things to remember – such as dogs, flowers and cars. Each time authentication is needed, the website presents the user with a grid of random pictures – called the Confident ImageShield. The user must correctly identify the pictures that fit their secret categories to form a one-time password and authenticate.
If the website or online service has enabled the Confident KillSwitch feature, the user can establish one or more “no pass” categories in addition to their secret authentication categories during registration. If a hacker or a bot attempts to access the account by guessing login credentials or using a brute-force attack, and selects an image that fits one of the user’s “no pass” categories, Confident KillSwitch can automatically alert the business or account owner that unauthorized access is being attempted. The technology can immediately lock all access to the online account, or can present increasingly difficult ImageShield challenges while gathering important information including the IP address, geographic location and behavioral biometrics of the would-be attacker, and whether it’s an attempt to compromise a single account or part of a broader attack on the organization or even across multiple organizations. The data collected by Confident KillSwitch can also be fed into the company’s risk engine, fraud-detection platforms, or other adaptive security systems to further enhance the decisions made by those systems and help the organization proactively defend against the attacks.
A strong authentication solution that proactively defends against brute-force attacks and the harvesting of login credentials is critical today because passwords have been shown to provide virtually no security. A password consisting of six random letters and numbers can be cracked in just 4 secondsby a hacker using GPU computer processors or keystroke-logging malware, or can simply be guessed because most people choose predictable passwords.
“Although there are complex hacking attacks that can target organizations, today’s most common attack methods are still quite basic: keyloggers that steal a person’s username and password, brute-force dictionary attacks on the login, or simply guessing people’s weak passwords and PINs,” said Curtis Staker, Chief Executive Officer, Confident Technologies. “Confident KillSwitch delivers an easy solution to a common security problem. Most websites allow far too many failed authentication attempts because they can’t tell if it’s a legitimate user who has forgotten their password or if it’s a criminal attempting to break into the account. With Confident KillSwitch, the business can positively identify a fraudulent authentication attempt in the act and take immediate action.”
“Passwords and PINs are not a good way to protect sensitive information. If they’re easy enough to remember, they’re easy for unauthorized users to guess — if they’re too difficult to remember, the systems they protect won’t be used,” said Michael Osterman, founder of the industry analyst firm Osterman Research. “Studies have shown that image-based approaches to authentication are easier for people to remember than passwords and can be more resistant to brute-force attacks. Anyone interested in making access more secure and easier for users should take a close look at the Confident Technologies solution.”
Deployment and Integration Options
Confident KillSwitch is an optional feature that can be used with any of Confident Technologies’ image-based authentication solutions for websites, mobile applications and mobile devices. As a cloud-based technology, it can be integrated with other adaptive, risk-based security solutions to provide businesses a powerful ability to identify and proactively defend against attempts to compromise user accounts and commit fraud. System administrators can “dial up” or “dial down” security based upon the business needs by determining how many images should be presented to the user on the ImageShield, how many secret categories must be correctly identified for authentication, how many KillSwitch categories the user may establish and what action should be taken when the KillSwitch is triggered.
Confident KillSwitch is currently available as an optional feature with any of the Confident Technologies image-based authentication products, which can be used as stand-alone authentication solutions or as white-label integrations with other technologies. For trial and evaluation, contact firstname.lastname@example.org. For more information visit www.confidenttechnologies.com/KillSwitch.
About Confident Technologies
Confident Technologies, Inc. provides intuitive and secure, image-based authentication and verification technologies for websites, web services, mobile applications and mobile payments. Multifactor authentication solutions from Confident Technologies increase security without the need for expensive hardware tokens, smart cards or biometrics and improve user experience through an easy-to-use, image-based interface. For more information, visit www.confidenttechnologies.com.
Follow Confident Technologies on Twitter: www.twitter.com/ConfidentTech
Watch Confident Technologies on YouTube: www.youtube.com/ConfidentTech
Copyright 2011 Confident Technologies, Inc. All rights reserved. Confident Technologies is a registered trademark of Confident Technologies, Inc. All other trademarks are property of their respective owners.
[i] 2011 Data Breach Investigations Report by the US Secret Service and Verizon