We generated some interesting debate on the BBC website. The comment length on Rory's blog is restricted, so I've written this blog post to respond to some of the comments raised in the article. These broadly fall into the categories of security, funding and product.
Firstly, I’d like to comment on the understandable concern about storing all passwords in one place. This is clearly of paramount importance, and security is therefore built into our solution: to access your data, you need a username, a password and a key-phrase.
Your key-phrase is used within your browser to encrypt all of your login details before they are stored on our servers. We don’t store your key-phrase; it is totally private to you and it is the only way to decrypt your stored data. Without it, even we cannot decrypt your stored details.
Using a key-phrase of reasonable length to encrypt your data means that even if someone maliciously gained access to your stored data, it would take the latest supercomputers millions of years to attempt every permutation of key to decrypt your data.
For the simplicity of being able to log into sites with one click, the convenience of accessing from any web device or phone, and the security offered by being able to use randomly-generated, strong, unique passwords for all your other sites, we feel that AES encryption (using a private key-phrase) is sufficiently strong, given the millions of years it would take to crack a key of reasonable length.
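A minimal sketch of the client-side scheme described above, added here as an illustration and not My1login's code. The page only states that a key-phrase and AES are used, so PBKDF2-SHA-256, AES-256-GCM, the iteration count and all function names are assumptions. It shows that the server would hold only a salt, an IV and ciphertext, and that a wrong key-phrase recovers nothing.

```javascript
// Added illustration, not My1login's implementation. Assumed: PBKDF2-SHA-256,
// AES-256-GCM, the work factor below, and every function name.
// Web Crypto is global in browsers and recent Node; the fallback covers older Node.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const ITERATIONS = 600000; // assumed work factor for key-phrase stretching

// Stretch the key-phrase into an AES-256 key. The salt is not secret and is
// stored next to the ciphertext; the key-phrase itself never leaves the client.
async function deriveKey(keyPhrase, salt) {
  const material = await wc.subtle.importKey(
    'raw', new TextEncoder().encode(keyPhrase), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Client side: encrypt one login entry. The returned object is everything the
// server would receive and store.
async function encryptLogin(keyPhrase, login) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh IV per encryption
  const key = await deriveKey(keyPhrase, salt);
  const plaintext = new TextEncoder().encode(JSON.stringify(login));
  const ciphertext = new Uint8Array(
    await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, plaintext));
  return { salt, iv, ciphertext };
}

// Client side: returns the login entry, or null when the key-phrase is wrong
// or the stored record was altered (the GCM tag does not verify).
async function decryptLogin(keyPhrase, record) {
  const key = await deriveKey(keyPhrase, record.salt);
  let plaintext;
  try {
    plaintext = await wc.subtle.decrypt(
      { name: 'AES-GCM', iv: record.iv }, key, record.ciphertext);
  } catch {
    return null;
  }
  return JSON.parse(new TextDecoder().decode(plaintext));
}
```

Anyone holding the stored record guesses key-phrases rather than AES keys, so the effort required depends on how unpredictable the key-phrase is. The slow derivation step raises the cost of each guess.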
The big question is how secure is what you do now?
Using similar passwords for all sites, storing them in a file on your hard drive or phone, or writing them down are all widely publicised as insecure practices.
There is plenty of useful information and advice around the web on this, including the government's Get Safe Online campaign at www.getsafeonline.org or on our own blog at http://blog.my1login.com/weak-password-practices/
The government grant being referred to is not a cash advance; it is paid retrospectively based on the creation of 25 jobs over the next two years. This is an excellent and well-considered allocation of public funds in that it incentivises and stimulates much-needed growth in the economy. Please let’s also not forget that, as the article states, I have also risked a significant amount of personal funding that has led to the creation of highly-skilled, full-time jobs and opportunities for individuals.
jascbu - thank you for your comments on this; I couldn’t agree more!!
Finally, I’d like to respond to the comments about competing products. My1login differs from anything mentioned above in that there is no browser plug-in required and no software to download or install, meaning it can be securely accessed from any browser, meeting the needs of those who are mobile and using multiple devices, i.e. laptop, tablet, mobile phone.
It is the only service of its kind to also include an integrated dashboard of your email and social media.
Hopefully that helps address the concerns. If you have any further comments, we would be delighted to respond.