February 8, 2017 -
The security industry has already accepted the end of the traditional access control regime of usernames and passwords. What shape the shift will take is less certain, however. BluStor believes it has the answer, in the form of a smart card that acts as a local-storage password manager secured by multi-factor biometrics. At the upcoming RSA Conference, Feb. 13 to 17 in San Francisco, BluStor will unveil its Password Vault, which due to its ease of use as a companion product to mobile devices, could be the next step in securing the connected world for consumers.
Founder and CEO Finis Conner can help pilot a shift in technology, having already led one towards our current connected world as a founder of Seagate (then called Shugart Technology) in 1978 and Conner Peripherals in 1987. Conner found that changing the form factor of hard disk drives was the best way to address a practical usability issue with early personal computer technology.
“In both cases they were the beginning of a transition in serving the mobile computing world, trying to get it out of the computer room and onto desktops and into the hands of the mobile user,” Conner told Biometric Update in an exclusive interview.
The Password Vault provides the standard password manager function, plus offers several additional related capabilities, in a form Conner says is more simple and easy for end users, and substantially more secure, due to the innovative “virtual keyboard” approach. It also includes the AutoLogN function, which makes log-in automatic for Windows and Mac devices.
When the enrolled end-user authenticates to the Password Vault, stored among that user’s other cards in a pocket or wallet, it communicates through Bluetooth Low-Energy with the user’s paired device, which recognizes it as a keyboard, with no additional software or infrastructure necessary.
“It’s very simple underneath the hood, but its novel in terms of how we use it, and its capabilities,” BluStor COO Mark Bennett told Biometric Update. “Effectively all modern-day operating systems and devices, all smartphones, computers, tablets, and laptops support wireless Bluetooth keyboards.”
“What we’ve managed to do, is to make our card emulate that keyboard and actually send the keystrokes on your behalf, securely to the device that you’ve paired it with,” Bennett explains. “Now you have a situation where you can authenticate yourself to the card with multi-factor biometrics, the card then appears as a keyboard to your devices, and actually transmits your username and password.”
Built on the CyberGate platform, the Password Vault stores a practically unlimited number of passwords as well as other sensitive textual information the user is concerned about, such as a credit card number or prescription information, on a 1 GB flash drive. From the user’s wallet or on a lanyard, it provides easy touch-free authentication.
By avoiding cloud storage of credentials with a third party, BluStor completely sidesteps the risk of a mass loss of credentials, as has already happened many times, including the historic the breach of credentials from Yahoo, as well as the Office of Personnel Management.
While amazing advancements have been made in cloud security, in the case of databases of stored credentials, improvements are made against the rapidly moving target of hacker capability. With individually stored credentials, the value proposition for the hacker is removed, because a successful hack would net only a single user’s credentials.
It also opens up robust password management for users and systems not connected to the cloud.
These advantages make it a convenient solution for consumers seeking effective password management, and recognizing the value of biometrics to security, but with a lower level of confidence in, or access to, solutions running in the cloud.
Password Vault also has a large potential market among enterprises and government organizations, many of whom have already determined to adopt strong multi-factor authentication, and are currently trying to decide how to do so.
The password management market is already quite large, as the top ten companies in the space have approximately eight to ten million customers, Conner estimates. The Password Vault can also be offered as a white label product by those password management providers, OEMs, or other service providers.
“There’s more capability than just password management on this, so the value proposition and convenience factor is very, very attractive,” Conner says. “We think some of those eight to ten million people who have already bought a password manager might be ideal candidates to upgrade to this.”
As that substantial existing market grows with consumer adoption, BluStor is poised to deliver Password Vault as a mass solution to the general security problem with mobile devices. “Because of the simplicity and the added value over just passwords, this is a very substantial opportunity for the world to move forward and secure the mobile world,” says Conner.
BluStor’s abrupt reversal from stealth mode to the active market is also shown by its active role in RSA 2017. The company will not only introduce the Password Vault, but also show off the extended capabilities of the CyberGate platform to the security professionals dealing directly with the password problem. You can visit BluStor and even buy an advanced release Password Vault at OATH booth 1021, in the conference’s South Hall.
BluStor’s website has already begun selling the Password Vault, and provides a video showing the device in use. It will also provide a promotional code for RSA attendees checking it out in person.
With an MSRP of $99.99, the one-time cost of the Password Vault is equivalent to roughly two years of service with the leading password managers, Conner says. The unique security stance it provides, along with the additional features like AutoLogN, make it a compelling product for consumers, enterprises, and potential partners in the security industry.