Startup Replacing Passwords With Patterns (Shayype)

Author: Brian Rhodes, Published on Jun 28, 2017

This startup, Shayype, aims to eliminate passwords, replacing them with patterns.

Problems with passwords are clear, as simple passwords, re-used passwords, brute force attacks on passwords, etc. create significant problems.

But can 'patterns' fix this problem?

Inside this report, we share our test findings on Shayype's approach.

**** *******,*******, **** ** ********* *********, ********* **** **** ********.

******** **** ********* *** *****, ** ****** *********, **-**** *********, brute ***** ******* ** *********, ***. ****** *********** ********.

*** *** '********' *** **** *******?

****** **** ******, ** ***** *** **** ******** ** *******'* approach.

[***************]

Uses ********, *** *******

****** **** * ***** ******** ** ***,*********** * ****** ** ******** ******* **** ********** ** ***** on *** *******. ** ***** *********, *** **** ***** ** the ******** ******* ********* *** ***** ** * ******** ******* they **** ********** *******.

*** ********* ***** ***** ******* ********* *** ***** ** *** specific ***** ********* * ******* ********:

*** *** ** *** *******'* ********, ** **** ****** ********* will *** ******** ********* *******. *** ********* ********* / ****** numbers ***** **** ********* **** *** ****** ** *****:

******* ****** **** *** ****** ****** '*.* ******* ******** ******** in *** *** ****** (** *** *** *** **** *****)', and **** ** '**** ** ******* ***** *** **** *******, your *********** ** ******* *** ****-**** **** ** *********', ********* in * ****** ********, ****** *** '****' ******* ** * password.

********** * *******, ** ********** * *** *** **** ******, require ******* ** ******** ******* ** ***** **. ** *** case ** *******'* **** *******, **** **** * ***** **** where ***** ***** * *** *******.

Overview *****

** *** ***** *****, ** **** *** ******* ***** *** how ** ** ********* **** ******** ***** **************:

Claimed **********

******* ****** **** ******* *** **** ***** ****** ** ****** and ********** ******** ** ******* *** *** **** ** *****, their ****** ** **** ******. ** ******** ** *** ******* defining *** ********, ******* ****** ******* ***** ********** **** ******** passwords, *********:

  • ** ****** '*****': **** *******, ***** ** *** **** ** ***** *** matrix, ** ***** ******* ******* ** ***** * ****, *** only *** *** ******* **** ***** **** *** ***** ** using * ******** ******. **** ** ********* **** *********** ******* where **** ****, ********* *** ** **** ******** ******* *** become ****** ** ****, '*******' ********* ******* ***** ******* *** used *** ***** ******. *******'* *** ****** *** * **** of ******* ******* ** *** **** **** ** *** **** someone ******** ** **** ** *** ******* ***** ****.
  • ****-**-*****: ** *** ********* ****** *** ******* * - *, each ***** ** ******** ******** ***** ** *** ******, ******* complicating *******. ** ******* **** * **** ***** *******, ** could *********** ** ******* ********* ********.
  • ******* ************: **** ** ***** ****** ****** ********, **** '*- ******' or '**** *******', *** ***** *** ******* ** ******* **** also ** *****, ** ****** **** *****-**-****, ** ******* * gap, ** ******** *** **** **** ***** **** ** *** obscurity ** * ******** ****** ** ******. ********, *** ******* or ****** ********* *** ******* ** **********, ** *** ****** they ******* ** **** ******** ** * ******** ******* *** indicated *********.

Online ****

*** ******* ***** *'***** ** *******' ******* ***** *******. **** ***** ****** ***** *********, ******* ******* an ******* **** ********** *** *** *** *** ******** *** ********** *** *** *** ****** ***** **********.

***********

*** *** ******* ********, *******'* ****** **** **** *********, ********** for *** ******** ******** ******. *** *** **** *******:

  • ** ******* ***: ******* ** ***** ** **** **** * **** ***** web-hosted **********, *** *** *** *** **** ******* ** ******** in ** *** ********. ***** * ********** ****, *** ******** lacks *** ******* *** *** ******* ***** ********** ** ********** use *** **********.
  • ******** ***** ********: ***** **** ********* ** ******* **** ****, ******* ******** can ***** ** ********* ** ******** *** *** ***** ** unauthorized *****. **** ***** **** ************* ******** ** ***** *** be *******, *** ********* ********** ***** *** ***** ***** ***** codes.
  • *****-***** ****: ******* ** ***** ********* ** *** **-********** **** ******* physical ******** ** *************,*** **** ********** ** ********* *** ***************** *** ***** ********* ********* ******** **** *******, *****, ***, *** *-******. *******, ******* *** **** *********** ********** ******** *** ******** to ****** ** ********** *** ******** ******* ******* ******.

Vote / ****

Versus ************

*** ******** ******** ************, ******* ***** ** ** *********** *** for ******** ****** ******* ** ******* *** *** ** ****** readers. ****** **** ******* ******** **** **** *** ******* ** memorized ** ******** ** ************ *****, ******* ***** ******* '*********** security' ** ******* ** ***** * ********* ****** ** ********** valid *****.

**** '**** ********' ******* **** ********* ***** ******* *** ****** between **** ***** **** ****** ***** ****** **** ********, ** the ***** ** *** **** **** *** ****** *** **** the ********* *** ******* ******. ****** ***** ** ************ **** like *****, ** ***** ** ******** ******* ****: ***********:

******* *********** ******** *** ******** ** **** ** *** ***** fixed ********* ** ***, ******* ************* * *********** **** **** of ****** **********.

Still ***** ** ******

** *** ********* *** *******'* *******-***** ****, *** *** ****** and ******* ***** ** *********** ** *** ** **** **** effectively *** ********, ***** *** **** ** ***** ****** *** this ********.

Comments (16)

Undisclosed End User #1

07/06/17 03:01pm

* **** **** * ******** ******* ********** *** ********* ******* to ****. * ******* ** *** ********. *** ********** *** sold ** *******, ***** ** *** **** ** *******. * wonder ** ***** ****** **** *** ****. :)

Avatar

Brian Rhodes

IPVMU Certified | In reply to Undisclosed End User #1 | 07/06/17 04:22pm

****'* * **** ****!

**** ** * ***** *********'* ********:

*** ************ **** *** ******. *'** *** ******* ** ******* on *****/***/** ***** ****** ** *********.

Avatar

Brian Rhodes

IPVMU Certified | In reply to Undisclosed End User #1 | 07/07/17 05:58pm

* ******* ******** *******, *** ** *** ********** ** *******, to *** ***** *** ************* ******* ** *** *******'* ********. His ********:

"* *** *** ********** ** ******** (**************://**.*********.***/****/********) **** ******* *****, *** * ***** ** ** * jobbing ********** ** ** **** ***********.

******* ******* ** * *** **** ********* *******, ******** *********** for ******** ** ***** *** *** ******** ** * **** security *******.

***’** **** ****** **** *** **** **** **** * ************* Mike **** ********** ******** ******* ** ****** * ****** *** records *** **** ******* *** *** ********** ***** ** *** 2-3 ***** ***** ******* **** *** *** ****’* *******.

*** **** ****** **’** ******* * **** ******** ******* (******* HSS) ***** *****’* *** *** ******’* ********, ********** * ****** knowing ***** ********** **** **** ***** **. **** ***** ** our **** **** ** ******** ***** **** ** ******/**** *** login ********* ******* ******** ***** – ***** ** ****** ****’** unlikely ** **."

***********, ******* **** **** *******'* ******** ******/ *** ****** ****** touchpad *** ******** ********* ****** (*, *** * ******) **** observation **** ********* **** *** ******* *******.

Undisclosed #2

In reply to Brian Rhodes | 07/07/17 06:14pm

*** **** ****** **’** ******* * **** ******** ******* (******* HSS) ***** *****’* *** *** ******’* ********, ********** * ****** knowing ***** ********** **** **** ***** **.

***** *** ****** *********** ********* ******* *** ** ********** ******* to **** *** ****,

*** **** ** ******** **.

*******, ** ******* ** *** ********* ** ** ****** ******* application;

** ** ****** ******* *** ******** ****** ***** *** *** using * ****** ******, * ***** ****** **** *** ***** is ******, ***** **** ***** **** ********** ******* ***** *******, if * ********** ** ********.

Undisclosed #2

07/07/17 05:01am

***** **** ********* ** ******* **** ****, ******* ******** *** still ** ********* ** ******** *** *** ***** ** ************ users.

1 * ** ** ** ** may not need much explaining :)

Undisclosed #3

07/07/17 05:34am

**** ***** ** **** *********** *** * ****** ******** ****** to ***** **** ***, *** * ********** ****** ***** ***** video ** *** *******, *** *** ***** ******* *** **** be ********** ** **** ** *** ******* ******* *** *** entered *** *** ********.

***** **'* ******** ** ** **** ** *** **** ** video ****** ** * ********* ****** ******** *** ***** ** view *** * ****-******** *** *** ** ***** **** * guess **'* ****** **** ** ********** ****** ***********.

*** **'* **** ********** **** ********* ** ***** *** ******* with * ****** ** * ***. ***** ************* ***** ***** just *** ** ** **. * ***** ******** ** * sticky **** *** *** *********** *** ******.

*** *** ****** *** ****** ******* ********* *** ******** *** an ***** ****. ***** ********* **** *** ***** **** **, and **'* ****, ** **** *****'* ****** ****** **. ** should ** ********.

** *** **** ** ******* ******* ** ****** ******* ***********, use **** ****** **************, **** **** ****, *** ****** ******* policy ******* *******.

*** *********** ************** ****** **** ******** ***** *** *********** ** stolen ****** ***********, *** ********* ****** ***** **** **** **** back **** ****** **** ***** ************ ****** ** *** ***** who *** ***** ** *** ** ** ****** **** ********** measures *** ** *****.

*****, *** ** **** ** ******* ********* ** *** ****** so ** ********** ** ******** ****** ******* ** **, *** it ** *** ****** ************* **** ******** **** **** ** already ********* ** *** ******.

**** **?

Undisclosed #2

In reply to Undisclosed #3 | 07/07/17 06:54am

*** * ********** ****** ***** ***** ***** ** *** *******, and *** ***** ******* *** **** ** ********** ** **** as *** ******* ******* *** *** ******* *** *** ********.

**, **** ***** *** ** ****** *** ** ***duplicate ****** in the grid. For instance, Brian's 411022 one-time password yields many thousand compatible patterns, not just his valid one of four corners and two center, so you would not be able to try them all before lock-up.

** *** ***** ****, ** *** **** **** ** ******** catch ***** **several ****** ** *** **** ******, each with their own key grid, you could eventually determine the pattern, by deduction.

***** * ***** ***** **** *** **** *********, *** ** would ** ********* **** **** ******* **** ***** ** ********** with **,*** ********, ~*^*. **** ******* ***** ***** ******* **,***. Any ******** *** ** *** ******** **** *** ******** ******** would ** *********, ***** *** ******* ******* ***** **** ** be ******* ** *** ****.

***** *** ****** **** ***** ** **** *** ****. ***** you ***** ** ** **** **** * ******* ** *****, or ***** **** ** ********* **** ***** **** ** **** harder, *** *** ***** ********** ** *** ******.

****** ***'** ****** ***** :)

Undisclosed #3

In reply to Undisclosed #2 | 07/07/17 07:01am

***, ***'** *****. ** *******! *****, **** ** ****** **** the **** ****** **** ********* *** ** ***** ** ** it *** ** ********** ********* **** ******** **********. *** ** you *** *** **** ** *** **** ** ********* ******** features, *** *** * *****.

Paul Shah

07/08/17 12:26am

*** * ***** ** ** ******** * **** ***** ** the *** ** ******* *** *******? ** ***** **** *** I **** *** ******* *** ** *****'* ****** **** *** ransom ******* ***.

*** ****** **** ******* **** ********* *** *** ****** ******* to ********* * ****** *******.

Avatar

Brian Rhodes

IPVMU Certified | In reply to Paul Shah | 07/09/17 02:57am

**** ****** ******* ******** *****, ** **** * ******* ******* would ******* ******** ************ ** ********** * *******.

*'** *** ******* *** *********, *** * ****** ******* ******* will *** ****** ******* *** *******.

Paul Shah

In reply to Brian Rhodes | 07/09/17 07:31am

**'* ******** *** *******, *** *** ****** *******

Undisclosed #2

In reply to Paul Shah | 07/09/17 06:33pm

*** **** ***'* **** *** *******, **** **** **** *** numbers **** **** ********** ** **** ********, **** *** ** which ** *** *** **** *** **** *** **.

** *** **** ** **** ***** ****** ** *** **** displayed **** ****** **** ****** ***** ****, *** ***** ***** are ** ******* ********, **** ***** *** ****** *-*, **** a **** ***** ******* ** * *******.

Paul Shah

07/09/17 07:50pm

** ** * **** ** ******* *** * **** **** that *** *** ***** *** ****** ** *** *** ****** layout **** ********* *******, *** **** ** ***** ** *** on *** **** ****** *** **** * ***** ** **** to **** **** ******* *** *****.

* ******'* ** **** ** ***** ** **** ******, *** I ************ ** ****.

**** * **** **** ******* *** *****, * *** ** to *** **** ****, ***** ** *** **** *******, **** the **** ****** ******* ** ***** ** *** **** ****

**** ***** ** *** **** ******.

Undisclosed #2

In reply to Paul Shah | 07/09/17 08:35pm

** ** * **** ** ******* *** * **** **** that *** *** ***** *** ****** ** *** *** ****** layout **** ********* *******, *** **** ** ***** ** *** on *** **** ******....

***** ** ** ******** ** *** ******** *** **, **** ** *****'* ***** *****.

*** **** **** *** ***** ** *** ****** ** **** you ***** *** ******* *** *** ***** ****, *** **** there *** ** *******.

***********, *** ***** ***** **** ** ****** ***** *******, *** that *****'* **** *** **** ***** ********, ***** ***** *******.

*******, ** *** ** ****, *** **** **** ******* ********* logins **** ********* ***** ** ******, ** * ***** *****.

Paul Shah

In reply to Undisclosed #2 | 07/09/17 08:41pm

***, **** ***** *****

Avatar

Brian Rhodes

IPVMU Certified | In reply to Undisclosed #2 | 07/10/17 01:52am

**** ** *******, ******* ***** ** *** ***** * ******* on *** ******. **** ********* *** ******* *** ***** ********** divulge **.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Startup

OpenALPR Acquired By Mysterious Novume on Mar 13, 2019
Startup OpenALPR has been acquired by Novume, a company virtually unknown in the industry. While there are many LPR providers (see our directory),...
Cisco Meraki Cloud VMS/Cameras Tested on Feb 13, 2019
Cisco Meraki says their cameras "bring Meraki magic to the enterprise video security world". According to Meraki, their magic is their management...
Solink Raises $12 Million - Company Profile on Feb 12, 2019
Most industry professionals have never heard of Solink, a company whose tagline is: It's time to revolutionize the way business uses...
Verkada Cloud VMS/Cameras Tested on Jan 28, 2019
Verkada is arguably the most ambitious video surveillance startup in many years. The company is developing their own cameras, their own VMS, their...
Dahua China Significant Job Cuts on Jan 28, 2019
Dahua China has cut a significant number of jobs in the past few months, according to numerous sources. This is a significant shift from Dahua's...
Turnover at Arcules on Jan 24, 2019
Canon / Milestone are putting tens of millions into Arcules - their bet on the future of the VMS market (see IPVM's Arcules test report). But over...
Gorilla Technology AI Provider, Raises $15 Million, Profiled on Jan 15, 2019
Gorilla Technology is a Taiwanese video analytics manufacturer that recently announced a $15 million investment from SBI Group, saying this...
2019 Video Surveillance Cameras Overview on Jan 07, 2019
Each year, IPVM summarizes the main advances and changes for video surveillance cameras, based on our industry-leading testing and...
IPVM Best New Products 2019 Opened - 70+ Entrants on Jan 07, 2019
The inaugural IPVM Best New Product Awards has been opened - the industry's first and only program where the awards are not pay-to-play and the...
European Startup Ajax Profile - They "Stand Against Evil" on Jan 03, 2019
European intrusion detection startup Ajax Systems proclaims: How are they standing against evil? And what are the differentiators and potential...

Most Recent Industry Reports

Avigilon Launches 'Renewed Products Program' on Mar 19, 2019
There are lots of 'pre-owned' cars but pre-owned IP cameras? While such programs are common in other industries, in video surveillance, they are...
Hanwha Tax Evasion Probe, Camera Division Implicated on Mar 19, 2019
A Hanwha group subsidiary was raided as part of a tax evasion probe. While a Korean news media report listed the raided entity as 'Hanwha...
Genetec Security Center 5.8 Tested on Mar 19, 2019
Genetec has released Version 5.8. This comes after a wait of more than a year that caused frustrations for many Genetec partners. Our previous...
Retired Mercury President Returns As Open Options President on Mar 18, 2019
Open Options experienced major changes in 2018, including being acquired by ACRE and losing its President and General Manager, John Berman who...
Large US University End-User Video Surveillance Interview on Mar 18, 2019
Schools have become targets in modern days of active shooters and terrorist fears. The need for video and access security is high. Universities...
Hikvision Favorability Results 2019 on Mar 18, 2019
Hikvision favorability results declined significantly in IPVM's 2019 study of 200+ integrators. While in 2017 Hikvision's favorability was...
ONVIF Favorability Results 2019 on Mar 15, 2019
In the past decade, ONVIF has grown from a reaction to the outside Cisco-lead PSIA challenge, to being the de facto video surveillance standard...
Installation Course - Last Chance on Mar 14, 2019
This is the last chance to register for the March Installation course. This is a unique installation course in a market where little practical...
City Physical Security Manager Interview on Mar 14, 2019
This physical security pro is the Physical Security Manager for the City of Calgary. He is a criminologist by training with an ASIS CPP credential....
US Drafting Separate Rule for NDAA Dahua/Hikvision 'Blacklist' on Mar 14, 2019
The most debated provision of the NDAA ban of Dahua, Hikvision, Huawei, et al. is the so-called 'blacklist' provision which would ban any company...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact