Winfrasoft expands into authentication sector

News by Dan Raywood

Winfrasoft has announced a move into the authentication market with a range of grid-based technologies.

Winfrasoft has announced a move into the authentication market with a range of grid-based technologies.

PINgrid, PINphrase and PINpass offer a selection of authentication technologies to combine one-time passwords (OTPs), two-factor authentication (2FA) and pattern-based technology.

Talking to SC Magazine, Winfrasoft technical director Steven Hope said the suite has been designed to extend its offering beyond Windows-based solutions following customer discussions about authentication tools.

He said: “You can get soft and hard tokens and OTP via SMS and email, so we added two other methods of authentication: PINphrase and PINgrid.”

He explained that PINgrid is a grid-based technology where the user chooses a pattern of six characters so they do not have to remember a code; the user types in the corresponding numbers from the screen as a passcode.

“A six-by-six grid has 2.14 billion possible unique patterns, meaning that there is a one in 46,656 chance of someone guessing an OTP. With eight-by-eight this goes up to 68.7 billion; we tried ten by ten but that was too much,” he said.

“This runs on a tablet or a smartphone and refreshes every minute, so no data accesses it. Also, you don't need a token, so it makes this effectively ‘one and half factor' – so it is only what you know and there is no token needed.” He added that an SDK is available for websites to install PINgrid.

Also launched was PINphrase, which allows the user to save answers to memorable questions; questions are randomly selected at the login stage. Meanwhile, PINpass is based on the OAuth principle and takes advantage of an organisation's Active Directory infrastructure.

Hope said: “PINpass is OAuth-compliant as you send a user a soft token and this links to the user account in Active Directory. With PINphrase, we couldn't find anything that offered technology off the shelf so we created the questions and use that to set policy; the user must set at least five questions.

“If you want an authentication grid or phone-based stuff, you can use one or all of these technologies.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews