<img src="https://secure.leadforensics.com/32105.png" style="display:none;">

Reponse to comments on Rory's BBC Blog

We generated some interesting debate on the BBC website. The comment length on Rory's blog is restricted, so I've written this blog to respond to some of the comments raised in the article, and these broadly fall into the categories of security, funding and product.

Security

Firstly I’d like to comment on the understandable concern about storing all passwords in one place. This is clearly of paramount concern and is therefore built into our solution, so to access your data, you need a username, password and a key-phrase.

Your key-phrase is used within your browser to encrypt all of your login details before they are stored on our servers. We don’t store your key-phrase, it is totally private to you and it is the only way to decrypt your stored data. Without it, even we cannot decrypt your stored details.

Using a reasonable length key phrase to encrypt your data means that even if someone maliciously got access to your stored data, then it would take the latest supercomputers millions of years to attempt every permutation of key to decrypt your data.

For the simplicity of being able to log into sites with one click, the convenience of accessing from any web device or phone, and the security offered by being able to use randomly-generated, strong, unique passwords for all your other sites, we feel that AES encryption (using a private Key Phrase) is sufficiently strong in comparison to the millions of years it would take to crack a key of reasonable length.

The big question is how secure is what you do now?

If you use similar passwords for all sites, or you store them in a file on your hard-drive or phone, or perhaps write them down, these are widely publicised as insecure practices.

There is lots of useful information and advice around the web on this, including the governments Get Safe Online campaign at www.getsafeonline.org.

Funding

The government grant being referred to is not a cash advance, it is paid retrospectively based on the creation of 25 jobs over the next two years. This is an excellent and well considered allocation of public funds in that it incentivises and stimulates well needed growth in the economy. Please let’s not also forget that as the article states, I have also risked a significant amount of personal funding that has led to the creation of highly-skilled, full-time jobs and opportunities for individuals.

jascbu - thank you for your comments on this I couldn’t agree more!!

Product

Finally, I’d like to respond to the comments about competing products. My1login differentiates from anything mentioned above in that there is no browser plug-in required and no software to download or install meaning it can be securely accessed from any browser meeting the needs of those who are mobile and using multiple devices i.e. laptop, tablet, mobile phone.

It is the only service of it’s kind to also include an integrated dashboard of your email and social media.

Hopefully that helps address the concerns, if you have any further comments we would be delighted to respond.

Kind Regards

Mike

Back to Blog

Related Articles

SAML or Enterprise Password Managers: Which Route Should You Take?

Passwords are the most common cause of data breaches, with Verizon’s 2022 Data Breach Investigation Report finding that 70% of all successful cyberattacks leveraged...

How reusing passwords exposes businesses to cyber risk

Organisations that rely on password-based authentication to protect corporate accounts often focus security initiatives on ensuring passwords are long and strong in...

Five reasons businesses are adopting IAM solutions

Identity and Access Management (IAM) is continuing to attract investment from businesses, with over 80% of global IT decision makers having already adopted or...