Startup Replacing Passwords With Patterns (Shayype)

Author: Brian Rhodes, Published on Jun 28, 2017

This startup, Shayype, aims to eliminate passwords, replacing them with patterns.

Problems with passwords are clear, as simple passwords, re-used passwords, brute force attacks on passwords, etc. create significant problems.

But can 'patterns' fix this problem?

Inside this report, we share our test findings on Shayype's approach.

**** *******,*******, **** ** ********* *********, ********* **** **** ********.

******** **** ********* *** *****, ** ****** *********, **-**** *********, brute ***** ******* ** *********, ***. ****** *********** ********.

*** *** '********' *** **** *******?

****** **** ******, ** ***** *** **** ******** ** *******'* approach.

[***************]

Uses ********, *** *******

****** **** * ***** ******** ** ***,*********** * ****** ** ******** ******* **** ********** ** ***** on *** *******. ** ***** *********, *** **** ***** ** the ******** ******* ********* *** ***** ** * ******** ******* they **** ********** *******.

*** ********* ***** ***** ******* ********* *** ***** ** *** specific ***** ********* * ******* ********:

*** *** ** *** *******'* ********, ** **** ****** ********* will *** ******** ********* *******. *** ********* ********* / ****** numbers ***** **** ********* **** *** ****** ** *****:

******* ****** **** *** ****** ****** '*.* ******* ******** ******** in *** *** ****** (** *** *** *** **** *****)', and **** ** '**** ** ******* ***** *** **** *******, your *********** ** ******* *** ****-**** **** ** *********', ********* in * ****** ********, ****** *** '****' ******* ** * password.

********** * *******, ** ********** * *** *** **** ******, require ******* ** ******** ******* ** ***** **. ** *** case ** *******'* **** *******, **** **** * ***** **** where ***** ***** * *** *******.

Overview *****

** *** ***** *****, ** **** *** ******* ***** *** how ** ** ********* **** ******** ***** **************:

Claimed **********

******* ****** **** ******* *** **** ***** ****** ** ****** and ********** ******** ** ******* *** *** **** ** *****, their ****** ** **** ******. ** ******** ** *** ******* defining *** ********, ******* ****** ******* ***** ********** **** ******** passwords, *********:

  • ** ****** '*****': **** *******, ***** ** *** **** ** ***** *** matrix, ** ***** ******* ******* ** ***** * ****, *** only *** *** ******* **** ***** **** *** ***** ** using * ******** ******. **** ** ********* **** *********** ******* where **** ****, ********* *** ** **** ******** ******* *** become ****** ** ****, '*******' ********* ******* ***** ******* *** used *** ***** ******. *******'* *** ****** *** * **** of ******* ******* ** *** **** **** ** *** **** someone ******** ** **** ** *** ******* ***** ****.
  • ****-**-*****: ** *** ********* ****** *** ******* * - *, each ***** ** ******** ******** ***** ** *** ******, ******* complicating *******. ** ******* **** * **** ***** *******, ** could *********** ** ******* ********* ********.
  • ******* ************: **** ** ***** ****** ****** ********, **** '*- ******' or '**** *******', *** ***** *** ******* ** ******* **** also ** *****, ** ****** **** *****-**-****, ** ******* * gap, ** ******** *** **** **** ***** **** ** *** obscurity ** * ******** ****** ** ******. ********, *** ******* or ****** ********* *** ******* ** **********, ** *** ****** they ******* ** **** ******** ** * ******** ******* *** indicated *********.

Online ****

*** ******* ***** *'***** ** *******' ******* ***** *******. **** ***** ****** ***** *********, ******* ******* an ******* **** ********** *** *** *** *** ******** *** ********** *** *** *** ****** ***** **********.

***********

*** *** ******* ********, *******'* ****** **** **** *********, ********** for *** ******** ******** ******. *** *** **** *******:

  • ** ******* ***: ******* ** ***** ** **** **** * **** ***** web-hosted **********, *** *** *** *** **** ******* ** ******** in ** *** ********. ***** * ********** ****, *** ******** lacks *** ******* *** *** ******* ***** ********** ** ********** use *** **********.
  • ******** ***** ********: ***** **** ********* ** ******* **** ****, ******* ******** can ***** ** ********* ** ******** *** *** ***** ** unauthorized *****. **** ***** **** ************* ******** ** ***** *** be *******, *** ********* ********** ***** *** ***** ***** ***** codes.
  • *****-***** ****: ******* ** ***** ********* ** *** **-********** **** ******* physical ******** ** *************,*** **** ********** ** ********* *** ***************** *** ***** ********* ********* ******** **** *******, *****, ***, *** *-******. *******, ******* *** **** *********** ********** ******** *** ******** to ****** ** ********** *** ******** ******* ******* ******.

Vote / ****

Versus ************

*** ******** ******** ************, ******* ***** ** ** *********** *** for ******** ****** ******* ** ******* *** *** ** ****** readers. ****** **** ******* ******** **** **** *** ******* ** memorized ** ******** ** ************ *****, ******* ***** ******* '*********** security' ** ******* ** ***** * ********* ****** ** ********** valid *****.

**** '**** ********' ******* **** ********* ***** ******* *** ****** between **** ***** **** ****** ***** ****** **** ********, ** the ***** ** *** **** **** *** ****** *** **** the ********* *** ******* ******. ****** ***** ** ************ **** like *****, ** ***** ** ******** ******* ****: ***********:

******* *********** ******** *** ******** ** **** ** *** ***** fixed ********* ** ***, ******* ************* * *********** **** **** of ****** **********.

Still ***** ** ******

** *** ********* *** *******'* *******-***** ****, *** *** ****** and ******* ***** ** *********** ** *** ** **** **** effectively *** ********, ***** *** **** ** ***** ****** *** this ********.

Comments (16)

Undisclosed End User #1

07/06/17 03:01pm

* **** **** * ******** ******* ********** *** ********* ******* to ****. * ******* ** *** ********. *** ********** *** sold ** *******, ***** ** *** **** ** *******. * wonder ** ***** ****** **** *** ****. :)

Thumbnail pp 5

Brian Rhodes

IPVMU Certified | In reply to Undisclosed End User #1 | 07/06/17 04:22pm

****'* * **** ****!

**** ** * ***** *********'* ********:

*** ************ **** *** ******. *'** *** ******* ** ******* on *****/***/** ***** ****** ** *********.

Thumbnail pp 5

Brian Rhodes

IPVMU Certified | In reply to Undisclosed End User #1 | 07/07/17 08:58pm

* ******* ******** *******, *** ** *** ********** ** *******, to *** ***** *** ************* ******* ** *** *******'* ********. His ********:

"* *** *** ********** ** ******** (**************://**.*********.***/****/********) **** ******* *****, *** * ***** ** ** * jobbing ********** ** ** **** ***********.

******* ******* ** * *** **** ********* *******, ******** *********** for ******** ** ***** *** *** ******** ** * **** security *******.

***’** **** ****** **** *** **** **** **** * ************* Mike **** ********** ******** ******* ** ****** * ****** *** records *** **** ******* *** *** ********** ***** ** *** 2-3 ***** ***** ******* **** *** *** ****’* *******.

*** **** ****** **’** ******* * **** ******** ******* (******* HSS) ***** *****’* *** *** ******’* ********, ********** * ****** knowing ***** ********** **** **** ***** **. **** ***** ** our **** **** ** ******** ***** **** ** ******/**** *** login ********* ******* ******** ***** – ***** ** ****** ****’** unlikely ** **."

***********, ******* **** **** *******'* ******** ******/ *** ****** ****** touchpad *** ******** ********* ****** (*, *** * ******) **** observation **** ********* **** *** ******* *******.

Undisclosed #2

In reply to Brian Rhodes | 07/07/17 09:14pm

*** **** ****** **’** ******* * **** ******** ******* (******* HSS) ***** *****’* *** *** ******’* ********, ********** * ****** knowing ***** ********** **** **** ***** **.

***** *** ****** *********** ********* ******* *** ** ********** ******* to **** *** ****,

*** **** ** ******** **.

*******, ** ******* ** *** ********* ** ** ****** ******* application;

** ** ****** ******* *** ******** ****** ***** *** *** using * ****** ******, * ***** ****** **** *** ***** is ******, ***** **** ***** **** ********** ******* ***** *******, if * ********** ** ********.

Undisclosed #2

07/07/17 05:01am

***** **** ********* ** ******* **** ****, ******* ******** *** still ** ********* ** ******** *** *** ***** ** ************ users.

1 * ** ** ** ** may not need much explaining :)

Undisclosed #3

07/07/17 05:34am

**** ***** ** **** *********** *** * ****** ******** ****** to ***** **** ***, *** * ********** ****** ***** ***** video ** *** *******, *** *** ***** ******* *** **** be ********** ** **** ** *** ******* ******* *** *** entered *** *** ********.

***** **'* ******** ** ** **** ** *** **** ** video ****** ** * ********* ****** ******** *** ***** ** view *** * ****-******** *** *** ** ***** **** * guess **'* ****** **** ** ********** ****** ***********.

*** **'* **** ********** **** ********* ** ***** *** ******* with * ****** ** * ***. ***** ************* ***** ***** just *** ** ** **. * ***** ******** ** * sticky **** *** *** *********** *** ******.

*** *** ****** *** ****** ******* ********* *** ******** *** an ***** ****. ***** ********* **** *** ***** **** **, and **'* ****, ** **** *****'* ****** ****** **. ** should ** ********.

** *** **** ** ******* ******* ** ****** ******* ***********, use **** ****** **************, **** **** ****, *** ****** ******* policy ******* *******.

*** *********** ************** ****** **** ******** ***** *** *********** ** stolen ****** ***********, *** ********* ****** ***** **** **** **** back **** ****** **** ***** ************ ****** ** *** ***** who *** ***** ** *** ** ** ****** **** ********** measures *** ** *****.

*****, *** ** **** ** ******* ********* ** *** ****** so ** ********** ** ******** ****** ******* ** **, *** it ** *** ****** ************* **** ******** **** **** ** already ********* ** *** ******.

**** **?

Undisclosed #2

In reply to Undisclosed #3 | 07/07/17 06:54am

*** * ********** ****** ***** ***** ***** ** *** *******, and *** ***** ******* *** **** ** ********** ** **** as *** ******* ******* *** *** ******* *** *** ********.

**, **** ***** *** ** ****** *** ** ***duplicate ****** in the grid. For instance, Brian's 411022 one-time password yields many thousand compatible patterns, not just his valid one of four corners and two center, so you would not be able to try them all before lock-up.

** *** ***** ****, ** *** **** **** ** ******** catch ***** **several ****** ** *** **** ******, each with their own key grid, you could eventually determine the pattern, by deduction.

***** * ***** ***** **** *** **** *********, *** ** would ** ********* **** **** ******* **** ***** ** ********** with **,*** ********, ~*^*. **** ******* ***** ***** ******* **,***. Any ******** *** ** *** ******** **** *** ******** ******** would ** *********, ***** *** ******* ******* ***** **** ** be ******* ** *** ****.

***** *** ****** **** ***** ** **** *** ****. ***** you ***** ** ** **** **** * ******* ** *****, or ***** **** ** ********* **** ***** **** ** **** harder, *** *** ***** ********** ** *** ******.

****** ***'** ****** ***** :)

Undisclosed #3

In reply to Undisclosed #2 | 07/07/17 07:01am

***, ***'** *****. ** *******! *****, **** ** ****** **** the **** ****** **** ********* *** ** ***** ** ** it *** ** ********** ********* **** ******** **********. *** ** you *** *** **** ** *** **** ** ********* ******** features, *** *** * *****.

Paul Shah

07/08/17 12:26am

*** * ***** ** ** ******** * **** ***** ** the *** ** ******* *** *******? ** ***** **** *** I **** *** ******* *** ** *****'* ****** **** *** ransom ******* ***.

*** ****** **** ******* **** ********* *** *** ****** ******* to ********* * ****** *******.

Thumbnail pp 5

Brian Rhodes

IPVMU Certified | In reply to Paul Shah | 07/09/17 02:57am

**** ****** ******* ******** *****, ** **** * ******* ******* would ******* ******** ************ ** ********** * *******.

*'** *** ******* *** *********, *** * ****** ******* ******* will *** ****** ******* *** *******.

Paul Shah

In reply to Brian Rhodes | 07/09/17 07:31am

**'* ******** *** *******, *** *** ****** *******

Undisclosed #2

In reply to Paul Shah | 07/09/17 06:33pm

*** **** ***'* **** *** *******, **** **** **** *** numbers **** **** ********** ** **** ********, **** *** ** which ** *** *** **** *** **** *** **.

** *** **** ** **** ***** ****** ** *** **** displayed **** ****** **** ****** ***** ****, *** ***** ***** are ** ******* ********, **** ***** *** ****** *-*, **** a **** ***** ******* ** * *******.

Paul Shah

07/09/17 07:50pm

** ** * **** ** ******* *** * **** **** that *** *** ***** *** ****** ** *** *** ****** layout **** ********* *******, *** **** ** ***** ** *** on *** **** ****** *** **** * ***** ** **** to **** **** ******* *** *****.

* ******'* ** **** ** ***** ** **** ******, *** I ************ ** ****.

**** * **** **** ******* *** *****, * *** ** to *** **** ****, ***** ** *** **** *******, **** the **** ****** ******* ** ***** ** *** **** ****

**** ***** ** *** **** ******.

Undisclosed #2

In reply to Paul Shah | 07/09/17 10:35pm

** ** * **** ** ******* *** * **** **** that *** *** ***** *** ****** ** *** *** ****** layout **** ********* *******, *** **** ** ***** ** *** on *** **** ******....

***** ** ** ******** ** *** ******** *** **, **** ** *****'* ***** *****.

*** **** **** *** ***** ** *** ****** ** **** you ***** *** ******* *** *** ***** ****, *** **** there *** ** *******.

***********, *** ***** ***** **** ** ****** ***** *******, *** that *****'* **** *** **** ***** ********, ***** ***** *******.

*******, ** *** ** ****, *** **** **** ******* ********* logins **** ********* ***** ** ******, ** * ***** *****.

Paul Shah

In reply to Undisclosed #2 | 07/09/17 10:41pm

***, **** ***** *****

Thumbnail pp 5

Brian Rhodes

IPVMU Certified | In reply to Undisclosed #2 | 07/10/17 03:52am

**** ** *******, ******* ***** ** *** ***** * ******* on *** ******. **** ********* *** ******* *** ***** ********** divulge **.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Startup

Startup Strops Completely Wireless Surveillance Camera Examined on Jul 28, 2017
European startup Strops has developed a surveillance camera that offers up to 6 days of runtime and cellular communications to create a fully...
$28M Drone Detection Startup Examined (Dedrone) on Jul 25, 2017
Dedrone has received ~$28M in funding to build what they call an "automatic anti-drone solution", a system to detect drones, and then automatically...
Milestone / Canon Launch Cloud Startup Arcus Global on Jun 27, 2017
Milestone has spun off a business, Arcus Global, funded by their parent company Canon. The new company aims to transform the VSaaS market with an...
Deep Learning Surveillance Startups Deep Problem on Jun 23, 2017
The undeniably good news for the video surveillance market is that we are seeing the rise of more startups than in many years. The cause of this...
Jeff Bezos-Funded Deep Sentinel Security Startup on Jun 05, 2017
Deep Learning is a rising trend in many commercial security products, and now one entrepreneur wants to bring deep learning to residential...
Aura's 'Invisible Ripple' Next Gen Intrusion Detection Tested on May 23, 2017
Aura Home is a startup intrusion detection system, but it claims new, high-tech sensing that monitors the 'invisible ripples' movement creates,...
Shark Tank Startup Guard Llama Mobile Panic Tested on May 16, 2017
A Shark Tank TV show appearance has attracted big attention for Guard Llama, a security startup touting a 'panic button' paired with mobile app...
Deep Science - Active Threat Cloud Monitoring Startup on Apr 03, 2017
Deep learning for $2 a day for a system that automatically detects guns and masks, alerting the police to robberies and threats? A US startup is...
Bill Gates Funded Startup Evolv Gets $18M For The "Most Advanced Threat Detection System" on Mar 17, 2017
Evolv Technologies has just raised $18 million, bringing its total to $30M, for developing what the company says is the most advanced threat...

Most Recent Industry Reports

Final Day Save $50 - IP Networking Course September 2017 on Aug 17, 2017
Today, Thursday, August 17th is the last day to save $50 on the September IP Networking Course. This is the only networking course designed...
Knightscope Raises $10 Million With $3,320 Average Per Investor on Aug 17, 2017
Congrats to Knightscope. And condolences to their legion of little investors. Knightscope has disclosed they have raised $10+ million from their...
Axis and Arecont Legal Conflict Over Multi-Imager Cameras on Aug 17, 2017
Arecont threatened Axis. Axis has responded by moving to invalidate an Arecont patent. It is an important contest. Multi-imagers are Arecont's...
Directory Of Consumer Security Cameras on Aug 16, 2017
The consumer camera segment continues to grow, with new startups and models from existing players released seemingly every month. In this report we...
Cat 5e vs Cat 6 vs Cat 6a Network Cable Usage Statistics on Aug 16, 2017
Cat 5e? Cat 6? Cat 6a? What do integrators use in practice, today? 140+ integrators told IPVM. Here are the results: For those who want to...
Hikvision Responds To Cracked Security Codes on Aug 15, 2017
Hikvision has responded to IPVM's report on Hikvision's security code being cracked, both with a 2 page update to dealers and communication...
Stolen Video NVR / DVR Statistics on Aug 15, 2017
"But what happens if someone steals my recorder?" Anyone who has done more than a handful of jobs has probably heard this question several times....
Hikvision Europe Cutting Out Unauthorized End User Sales on Aug 15, 2017
The days of anyone buying Hikvision from anywhere off the Internet are numbered, at least in Europe, if Hikvision's plan comes to fruition. In...
Axis Laser Focus PTZ Tested on Aug 14, 2017
Axis has been touting its new Q6155-E laser focus PTZ as 'always in focus' and 'always in color'. Does it really deliver? We bought and tested...
Vulnerability Directory For Access Control Cards on Aug 14, 2017
Knowing which access credentials are insecure can be unclear, especially because most look and feel the same. Even the most insecure 125 kHz types...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact