Friday, 30 October 2015

Solfyre ignites the Identity Revolution! It’s time to wave goodbye to password pain


British privacy startup being showcased at Web Summit gives users back control of their identities

British privacy pioneers Solfyre have announced the final beta phase of its password privacy app, SID. At present the iPhone only app will be available in the App Store in January 2016. Android and Windows Mobile versions will be available in early 2016. The new app heralds a beginning to the Identity Revolution by addressing the issues around password security and consumer privacy.

Following on from the recent cyber-attack on the TalkTalk website where significant personal identity information may have been lost, there is a need for an Identity Revolution where consumers reclaim control of their information and the domain of passwords is the logical first step.

How passwords are handled is the first issue about how Online Identity works. Consumers are forced to hand over (often reluctantly) vast quantities of personal information in the name of validating their identities, whilst taking all the risk of a compromise.

After every attack compromising user data where password information may have been stolen the common advice is for users to change their passwords.

It is time for an Identity Revolution. A revolution where people reclaim control of their identities and their personal data. Solfyre is building the tools for the Identity Revolution and it starts in the most obvious of places: Password Management and builds up from there. SID is a mobile app that is close to release that will address many of the issues that we face with our identities.
Password Management for everyone. The common myth is that passwords are the problem when we actually are the problem. Humans are not wired to remember long complex strings of meaningless data that changes regularly - all the things that make for effective passwords. Solfyre has designed a system to make logging into websites quick and effortless, whilst addressing security issues throughout the login process. A system that is secure at the same time being really quick and really simple to use. SID will also automatically update passwords and set them to the maximum number of characters allowed for each website.
Personal Information. Instead of handing over personal information to everybody we need to have a system where we grant people temporary access to our information. SID is designed as a personal data store that allows users to revoke access when it is no longer needed or when they feel that access to that information is putting them at risk.
Identity Assurance and Attribute Exchange. For the most part much of the information that we hand over is to assure the receiving party that we are who we say we are, to assure users’ identities. The website may be asking (and storing) dates of birth to ensure that we are old enough for the service. Consumers should be looking to offer that assurance without handing over the information. They do need to have some people to vouch for them, someone that both parties can trust. SID will handle that exchange, linking the parties for the short exchange with user’s explicit consent.
Shared Signals. If consumers are a client of TalkTalk for example they need to be listening very carefully to see if there is suspicious activity on any other accounts. How can they do that though? There is an emerging trend called "Shared Signals" which gives those Identity Providers and Identity Assurers the ability to communicate any attempts at compromising us which collectively may signal an Identity Theft or Fraud is in progress.
Centralised Storage of information. The answer to the threat of compromise is not to build bigger, stronger stores of information but return to the founding principles of the Internet and decentralise the storage of the information. Our research shows that users are concerned about putting all of their identity and security information is a single place, no matter how strongly encrypted. SID only ever stores the personal information on the users' devices, providing several ways to back the information up so that if the device is lost or damaged restoring service is quickly and easily achieved.

Solfyre is 90% of the way through the development of Step 1 of SID and is crowdfunding to assist in funding the last development by taking a lifetime subscription for a one-off fee in advance. This will give access to all of the functionality as it is released. The crowdfunding campaign is live at Indiegogo http://igg.me/at/solfyre until 28th of November. Stay up to date with SID’s developments via www.solfyre.com or via Twitter @SolfyreID.

Solfyre has been invited to the Alpha track at Web Summit and are exhibiting on November 4th.