Startup Replacing Passwords With Patterns (Shayype)

Author: Brian Rhodes, Published on Jun 28, 2017

This startup, Shayype, aims to eliminate passwords, replacing them with patterns.

Problems with passwords are clear, as simple passwords, re-used passwords, brute force attacks on passwords, etc. create significant problems.

But can 'patterns' fix this problem?

Inside this report, we share our test findings on Shayype's approach.

**** *******,*******, **** ** ********* *********, ********* **** **** ********.

******** **** ********* *** *****, ** ****** *********, **-**** *********, brute ***** ******* ** *********, ***. ****** *********** ********.

*** *** '********' *** **** *******?

****** **** ******, ** ***** *** **** ******** ** *******'* approach.

[***************]

Uses ********, *** *******

****** **** * ***** ******** ** ***,*********** * ****** ** ******** ******* **** ********** ** ***** on *** *******. ** ***** *********, *** **** ***** ** the ******** ******* ********* *** ***** ** * ******** ******* they **** ********** *******.

*** ********* ***** ***** ******* ********* *** ***** ** *** specific ***** ********* * ******* ********:

*** *** ** *** *******'* ********, ** **** ****** ********* will *** ******** ********* *******. *** ********* ********* / ****** numbers ***** **** ********* **** *** ****** ** *****:

******* ****** **** *** ****** ****** '*.* ******* ******** ******** in *** *** ****** (** *** *** *** **** *****)', and **** ** '**** ** ******* ***** *** **** *******, your *********** ** ******* *** ****-**** **** ** *********', ********* in * ****** ********, ****** *** '****' ******* ** * password.

********** * *******, ** ********** * *** *** **** ******, require ******* ** ******** ******* ** ***** **. ** *** case ** *******'* **** *******, **** **** * ***** **** where ***** ***** * *** *******.

Overview *****

** *** ***** *****, ** **** *** ******* ***** *** how ** ** ********* **** ******** ***** **************:

Claimed **********

******* ****** **** ******* *** **** ***** ****** ** ****** and ********** ******** ** ******* *** *** **** ** *****, their ****** ** **** ******. ** ******** ** *** ******* defining *** ********, ******* ****** ******* ***** ********** **** ******** passwords, *********:

  • ** ****** '*****': **** *******, ***** ** *** **** ** ***** *** matrix, ** ***** ******* ******* ** ***** * ****, *** only *** *** ******* **** ***** **** *** ***** ** using * ******** ******. **** ** ********* **** *********** ******* where **** ****, ********* *** ** **** ******** ******* *** become ****** ** ****, '*******' ********* ******* ***** ******* *** used *** ***** ******. *******'* *** ****** *** * **** of ******* ******* ** *** **** **** ** *** **** someone ******** ** **** ** *** ******* ***** ****.
  • ****-**-*****: ** *** ********* ****** *** ******* * - *, each ***** ** ******** ******** ***** ** *** ******, ******* complicating *******. ** ******* **** * **** ***** *******, ** could *********** ** ******* ********* ********.
  • ******* ************: **** ** ***** ****** ****** ********, **** '*- ******' or '**** *******', *** ***** *** ******* ** ******* **** also ** *****, ** ****** **** *****-**-****, ** ******* * gap, ** ******** *** **** **** ***** **** ** *** obscurity ** * ******** ****** ** ******. ********, *** ******* or ****** ********* *** ******* ** **********, ** *** ****** they ******* ** **** ******** ** * ******** ******* *** indicated *********.

Online ****

*** ******* ***** *'***** ** *******' ******* ***** *******. **** ***** ****** ***** *********, ******* ******* an ******* **** ********** *** *** *** *** ******** *** ********** *** *** *** ****** ***** **********.

***********

*** *** ******* ********, *******'* ****** **** **** *********, ********** for *** ******** ******** ******. *** *** **** *******:

  • ** ******* ***: ******* ** ***** ** **** **** * **** ***** web-hosted **********, *** *** *** *** **** ******* ** ******** in ** *** ********. ***** * ********** ****, *** ******** lacks *** ******* *** *** ******* ***** ********** ** ********** use *** **********.
  • ******** ***** ********: ***** **** ********* ** ******* **** ****, ******* ******** can ***** ** ********* ** ******** *** *** ***** ** unauthorized *****. **** ***** **** ************* ******** ** ***** *** be *******, *** ********* ********** ***** *** ***** ***** ***** codes.
  • *****-***** ****: ******* ** ***** ********* ** *** **-********** **** ******* physical ******** ** *************,*** **** ********** ** ********* *** ***************** *** ***** ********* ********* ******** **** *******, *****, ***, *** *-******. *******, ******* *** **** *********** ********** ******** *** ******** to ****** ** ********** *** ******** ******* ******* ******.

Vote / ****

Versus ************

*** ******** ******** ************, ******* ***** ** ** *********** *** for ******** ****** ******* ** ******* *** *** ** ****** readers. ****** **** ******* ******** **** **** *** ******* ** memorized ** ******** ** ************ *****, ******* ***** ******* '*********** security' ** ******* ** ***** * ********* ****** ** ********** valid *****.

**** '**** ********' ******* **** ********* ***** ******* *** ****** between **** ***** **** ****** ***** ****** **** ********, ** the ***** ** *** **** **** *** ****** *** **** the ********* *** ******* ******. ****** ***** ** ************ **** like *****, ** ***** ** ******** ******* ****: ***********:

******* *********** ******** *** ******** ** **** ** *** ***** fixed ********* ** ***, ******* ************* * *********** **** **** of ****** **********.

Still ***** ** ******

** *** ********* *** *******'* *******-***** ****, *** *** ****** and ******* ***** ** *********** ** *** ** **** **** effectively *** ********, ***** *** **** ** ***** ****** *** this ********.

Comments (16)

Undisclosed End User #1

07/06/17 03:01pm

* **** **** * ******** ******* ********** *** ********* ******* to ****. * ******* ** *** ********. *** ********** *** sold ** *******, ***** ** *** **** ** *******. * wonder ** ***** ****** **** *** ****. :)

Avatar

Brian Rhodes

IPVMU Certified | In reply to Undisclosed End User #1 | 07/06/17 04:22pm

****'* * **** ****!

**** ** * ***** *********'* ********:

*** ************ **** *** ******. *'** *** ******* ** ******* on *****/***/** ***** ****** ** *********.

Avatar

Brian Rhodes

IPVMU Certified | In reply to Undisclosed End User #1 | 07/07/17 05:58pm

* ******* ******** *******, *** ** *** ********** ** *******, to *** ***** *** ************* ******* ** *** *******'* ********. His ********:

"* *** *** ********** ** ******** (**************://**.*********.***/****/********) **** ******* *****, *** * ***** ** ** * jobbing ********** ** ** **** ***********.

******* ******* ** * *** **** ********* *******, ******** *********** for ******** ** ***** *** *** ******** ** * **** security *******.

***’** **** ****** **** *** **** **** **** * ************* Mike **** ********** ******** ******* ** ****** * ****** *** records *** **** ******* *** *** ********** ***** ** *** 2-3 ***** ***** ******* **** *** *** ****’* *******.

*** **** ****** **’** ******* * **** ******** ******* (******* HSS) ***** *****’* *** *** ******’* ********, ********** * ****** knowing ***** ********** **** **** ***** **. **** ***** ** our **** **** ** ******** ***** **** ** ******/**** *** login ********* ******* ******** ***** – ***** ** ****** ****’** unlikely ** **."

***********, ******* **** **** *******'* ******** ******/ *** ****** ****** touchpad *** ******** ********* ****** (*, *** * ******) **** observation **** ********* **** *** ******* *******.

Undisclosed #2

In reply to Brian Rhodes | 07/07/17 06:14pm

*** **** ****** **’** ******* * **** ******** ******* (******* HSS) ***** *****’* *** *** ******’* ********, ********** * ****** knowing ***** ********** **** **** ***** **.

***** *** ****** *********** ********* ******* *** ** ********** ******* to **** *** ****,

*** **** ** ******** **.

*******, ** ******* ** *** ********* ** ** ****** ******* application;

** ** ****** ******* *** ******** ****** ***** *** *** using * ****** ******, * ***** ****** **** *** ***** is ******, ***** **** ***** **** ********** ******* ***** *******, if * ********** ** ********.

Undisclosed #2

07/07/17 05:01am

***** **** ********* ** ******* **** ****, ******* ******** *** still ** ********* ** ******** *** *** ***** ** ************ users.

1 * ** ** ** ** may not need much explaining :)

Undisclosed #3

07/07/17 05:34am

**** ***** ** **** *********** *** * ****** ******** ****** to ***** **** ***, *** * ********** ****** ***** ***** video ** *** *******, *** *** ***** ******* *** **** be ********** ** **** ** *** ******* ******* *** *** entered *** *** ********.

***** **'* ******** ** ** **** ** *** **** ** video ****** ** * ********* ****** ******** *** ***** ** view *** * ****-******** *** *** ** ***** **** * guess **'* ****** **** ** ********** ****** ***********.

*** **'* **** ********** **** ********* ** ***** *** ******* with * ****** ** * ***. ***** ************* ***** ***** just *** ** ** **. * ***** ******** ** * sticky **** *** *** *********** *** ******.

*** *** ****** *** ****** ******* ********* *** ******** *** an ***** ****. ***** ********* **** *** ***** **** **, and **'* ****, ** **** *****'* ****** ****** **. ** should ** ********.

** *** **** ** ******* ******* ** ****** ******* ***********, use **** ****** **************, **** **** ****, *** ****** ******* policy ******* *******.

*** *********** ************** ****** **** ******** ***** *** *********** ** stolen ****** ***********, *** ********* ****** ***** **** **** **** back **** ****** **** ***** ************ ****** ** *** ***** who *** ***** ** *** ** ** ****** **** ********** measures *** ** *****.

*****, *** ** **** ** ******* ********* ** *** ****** so ** ********** ** ******** ****** ******* ** **, *** it ** *** ****** ************* **** ******** **** **** ** already ********* ** *** ******.

**** **?

Undisclosed #2

In reply to Undisclosed #3 | 07/07/17 06:54am

*** * ********** ****** ***** ***** ***** ** *** *******, and *** ***** ******* *** **** ** ********** ** **** as *** ******* ******* *** *** ******* *** *** ********.

**, **** ***** *** ** ****** *** ** ***duplicate ****** in the grid. For instance, Brian's 411022 one-time password yields many thousand compatible patterns, not just his valid one of four corners and two center, so you would not be able to try them all before lock-up.

** *** ***** ****, ** *** **** **** ** ******** catch ***** **several ****** ** *** **** ******, each with their own key grid, you could eventually determine the pattern, by deduction.

***** * ***** ***** **** *** **** *********, *** ** would ** ********* **** **** ******* **** ***** ** ********** with **,*** ********, ~*^*. **** ******* ***** ***** ******* **,***. Any ******** *** ** *** ******** **** *** ******** ******** would ** *********, ***** *** ******* ******* ***** **** ** be ******* ** *** ****.

***** *** ****** **** ***** ** **** *** ****. ***** you ***** ** ** **** **** * ******* ** *****, or ***** **** ** ********* **** ***** **** ** **** harder, *** *** ***** ********** ** *** ******.

****** ***'** ****** ***** :)

Undisclosed #3

In reply to Undisclosed #2 | 07/07/17 07:01am

***, ***'** *****. ** *******! *****, **** ** ****** **** the **** ****** **** ********* *** ** ***** ** ** it *** ** ********** ********* **** ******** **********. *** ** you *** *** **** ** *** **** ** ********* ******** features, *** *** * *****.

Paul Shah

07/08/17 12:26am

*** * ***** ** ** ******** * **** ***** ** the *** ** ******* *** *******? ** ***** **** *** I **** *** ******* *** ** *****'* ****** **** *** ransom ******* ***.

*** ****** **** ******* **** ********* *** *** ****** ******* to ********* * ****** *******.

Avatar

Brian Rhodes

IPVMU Certified | In reply to Paul Shah | 07/09/17 02:57am

**** ****** ******* ******** *****, ** **** * ******* ******* would ******* ******** ************ ** ********** * *******.

*'** *** ******* *** *********, *** * ****** ******* ******* will *** ****** ******* *** *******.

Paul Shah

In reply to Brian Rhodes | 07/09/17 07:31am

**'* ******** *** *******, *** *** ****** *******

Undisclosed #2

In reply to Paul Shah | 07/09/17 06:33pm

*** **** ***'* **** *** *******, **** **** **** *** numbers **** **** ********** ** **** ********, **** *** ** which ** *** *** **** *** **** *** **.

** *** **** ** **** ***** ****** ** *** **** displayed **** ****** **** ****** ***** ****, *** ***** ***** are ** ******* ********, **** ***** *** ****** *-*, **** a **** ***** ******* ** * *******.

Paul Shah

07/09/17 07:50pm

** ** * **** ** ******* *** * **** **** that *** *** ***** *** ****** ** *** *** ****** layout **** ********* *******, *** **** ** ***** ** *** on *** **** ****** *** **** * ***** ** **** to **** **** ******* *** *****.

* ******'* ** **** ** ***** ** **** ******, *** I ************ ** ****.

**** * **** **** ******* *** *****, * *** ** to *** **** ****, ***** ** *** **** *******, **** the **** ****** ******* ** ***** ** *** **** ****

**** ***** ** *** **** ******.

Undisclosed #2

In reply to Paul Shah | 07/09/17 08:35pm

** ** * **** ** ******* *** * **** **** that *** *** ***** *** ****** ** *** *** ****** layout **** ********* *******, *** **** ** ***** ** *** on *** **** ******....

***** ** ** ******** ** *** ******** *** **, **** ** *****'* ***** *****.

*** **** **** *** ***** ** *** ****** ** **** you ***** *** ******* *** *** ***** ****, *** **** there *** ** *******.

***********, *** ***** ***** **** ** ****** ***** *******, *** that *****'* **** *** **** ***** ********, ***** ***** *******.

*******, ** *** ** ****, *** **** **** ******* ********* logins **** ********* ***** ** ******, ** * ***** *****.

Paul Shah

In reply to Undisclosed #2 | 07/09/17 08:41pm

***, **** ***** *****

Avatar

Brian Rhodes

IPVMU Certified | In reply to Undisclosed #2 | 07/10/17 01:52am

**** ** *******, ******* ***** ** *** ***** * ******* on *** ******. **** ********* *** ******* *** ***** ********** divulge **.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Startup

ISC East 2018 Mini-Show Report on Nov 15, 2018
ISC East, by its own admission, is not a national or international show, billed as the "Largest Annual Northeast U.S. Security...
Kogniz Silicon Valley AI Startup Profile on Nov 07, 2018
Kogniz is a Silicon Valley company that aims to bring AI analytics to security and surveillance, centering on their own smart cameras: We spoke...
Directory of Access Control and Intrusion Startups on Oct 30, 2018
This directory catalogs access control and intrusion detection startups IPVM has found noteworthy. The directory is provided for your review to...
Exacq Co-Founders Return, Start Qumulex on Oct 24, 2018
Exacq co-founders Dan Rittman, Tom Buckley, and David Underwood are back, starting up Qumulex. In 2000, they sold Integral to Andover...
Startup SafePass Profile on Oct 19, 2018
A major problem with visitor management is that the systems mostly require adhesive printed paper labels and paper logs, creating waste and an...
Anti-Tailgating Startup: Spyfloor on Oct 03, 2018
A Canadian startup, Spyfloor, is using a different approach to warn against tailgating, a common access control problem. By counting feet,...
Bosch / SAST / OSSA Aims To Be Industry Standard IP Camera OS and App Store on Sep 28, 2018
Bosch is betting tens of millions of dollars that their spinout SAST will become the defacto standard OS of IP cameras with an industry-wide app...
ASIS GSX 2018 Show Report on Sep 25, 2018
In the first major US show since the US government ban of Dahua and Hikvision was passed into law, the mega Chinese companies were in retreat and...
Milestone Co-Founder Invests In Anti Theft Spray SelectaDNA on Sep 06, 2018
Milestone's Co-Founder Henrik Friborg has invested in CSI Protect, exclusive US dealer of forensic marking startup SelectaDNA, a company that...
Directory Of 110+ Video Management Software (VMS) Suppliers on Aug 30, 2018
This directory provides a list of Video Management Software providers to help you see and research what options are available. Listing...

Most Recent Industry Reports

Throughtek P2P/Cloud Solution Profile on Nov 15, 2018
Many IoT manufacturers either do not have the capabilities or the interest to develop their own cloud management software for their devices....
ASIS Offering Custom Research For Manufacturers on Nov 15, 2018
Manufacturers often want to know what industry people think about trends and, in particular, the segments and product they offer.  ASIS and its...
ISC East 2018 Mini-Show Report on Nov 15, 2018
ISC East, by its own admission, is not a national or international show, billed as the "Largest Annual Northeast U.S. Security...
Hikvision Silent on "Bad Architectural Practices" Cybersecurity Report on Nov 14, 2018
A 'significant vulnerability was found in Hikvision cameras' by VDOO, a startup cybersecurity specialist. Hikvision has fixed the specific...
French Government Threatens School with $1.7M Fine For “Excessive Video Surveillance” on Nov 14, 2018
The French government has notified a high-profile Paris coding academy that it risks a fine of up to 1.5 million euros (about $1.7m) if it...
Integrator Credit Card Alternative Divvy on Nov 13, 2018
Most security integrators are small businesses but large enough that they have various employees that need to be able to expense various charges as...
Directory of Video Intercoms on Nov 13, 2018
Video Intercoms, also known as Video Door-Phones or Video Entry Systems, have been growing in the past decade as more and more IP camera...
Beware Amazon Go Store Hype (Tested) on Nov 13, 2018
IPVM's trip to and testing of Amazon Go's San Francisco store shows a number of significant operational and economic issues that undermine the...
Magos Radar Company Profile on Nov 12, 2018
Magos America General Manager Yaron Zussman admits when he first came across Magos, he asked himself: "What's innovative about radar?" Be that as...
Genetec Privacy Protector Tested on Nov 12, 2018
Genetec has built Kiwi Security's Privacy Protector into Security Center, an analytic which anonymizes individuals in cameras' fields of view...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact