Capturing a personal memory to create a secure authentication is now a reality. Georgia Steele Matthews, chief product officer at PixelPin, details the cybersecurity business’s journey and vision for the future of online security. Briony Richter reports
PixelPin’s goal is to create an online environment where consumers can safety and easily navigate through various sites and their personal accounts. Cybersecurity is massively important for all organisations and merchants around the world.
It is especially vital for banks that carry important financial information about their customers. Data breaches and failed purchases are serious problems for retailers and consumers: they cause a brand to lose trust, and heighten customer insecurity.
A robust, simple and secure authentication process is, therefore, absolutely critical. This is even more necessary across Europe, as from 14 September 2019 new requirements for authenticating online payments will be introduced as part of the second Payment Services Directive (PSD2).
PixelPin believes it has the solution to revolutionise the way consumers access online services and accounts. Its security solution completely eliminates passwords. Using visual and cloud-based technology, consumers can log into their accounts using a photo that holds a personal memory.
With the amount of online accounts gathered over time, it is hardly surprising that consumers – including this writer – repeatedly forget their passwords. Studies have shown that many consumers are visual learners, and this is the area that PixelPin is optimising. Instead of frustratingly digging through their memories, users can log in using a favourite photograph.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataGeorgia Steele, chief product officer at PixelPin, is responsible for the overall proposition. She sits between the sales, marketing and tech departments to develop and deliver the finished product.
Defence and security
Discussing the PixelPin journey, Steele says: “Our founders both come from military defence and security backgrounds, and the idea came from working with the Metropolitan Police. One of our founders was working in the surveillance team. They both saw issues with current security systems, and started to look at alternative ways to log in.
“Around 65% of the population are visual learners, so they focus on patterns and colour balances much better than print and audio. That’s why we started looking into pictures.”
Aimed at delivering a smoother online payment experience for consumers, PixelPin’s approach dramatically shortens checkout time, improves security and reduces cart abandonment rates. “We have been talking to retailers, and a fashion site in the UK used us purely because it had a high drop-out rate. We are also live on a ticketing site in Asia; its issue was that the password process was so long and users couldn’t remember their password, so many just didn’t get in. It wanted an easy-to-use, secure and convenient solution.”
Asked why it is time to rethink the login process, Steele adds: “I think there are several reasons why people should ditch passwords.
“Firstly, around 75% of people are not completing purchases online due to password resets, so there is a cost issue and that is affecting retailers a lot. People themselves don’t know how to properly use passwords; around 10% of people are using the password 1234, which is shocking. The majority of passwords are on hackers’ lists.
“Hackers often conduct what we call visionary attacks – this is where the hacker will put in every word found in the dictionary and numbers at the end, and can find 90% of passwords used. So it’s really time to ditch the passwords.”
For years, the financial and security sector has been talking about the need to replace passwords with more secure and reliable methods.
The number of passwords needed in an average day has become a burden, and their security vulnerabilities are not lost on the organisations that use them. Especially in the financial sector, organisations must take into account, security, availability and usability when offering a different authentication solution.
At a time when more data and security attacks are caused by password compromise, it is going to be increasingly difficult – and soon impossible – to make the case that password only authentication is appropriate security.
The PixelPin solution
The cybersecurity business allows users to get rid of complicated and numerous passwords.
The consumer simply chooses a photograph and selects four points that can create a story to log in. “PixelPin itself is a picture-based authentication. We allow users to log into their accounts, wherever that may be, using a personal picture and four points. On registration they upload a personal picture, or they can set it to gallery images. They then press four points. Now, as they pick their four points we encourage users to create a story and this helps in the memory process – so the picture itself acts as a visual aid.”
Steele adds that the image does not have to be a picture of the user; in fact, PixelPin encourages users to pick a memory of something that resonates with them. For example, an individual could pick an image from their favourite music gig or their dog’s collar. It is all about giving choice in a more secure and visual way.
“We wanted to provide a unified authentication product, so we provide that Across android, iOS and desktop,” Steele notes.
“The story is kept in the user’s mind and is told as they press the four points. The reason we are called PixelPin is because all the information, when you press on one of the points, is taken down to pixel level and then expanded back up where we can work out where the customer has selected.
“If someone is watching over your shoulder, they won’t know the pattern that you are following. We have some blocks, but really we encourage users to use images of friends, family, favourite past times. It’s not biometric and it’s not facial recognition.”
Better than biometrics
The industry as a whole has come a long way towards developing alternative authentication methods; however, because society is so used to passwords, it is unlikely that they will disappear overnight. That being said, there are also numerous choices available now.
Biometrics is being used more extensively by banks and financial organisations, but Steele believes there is a space in the market for biometrics and PixelPin’s solution – and that there are flaws with biometric authentication.
“I think the weakness with biometrics is that when that solution doesn’t work for whatever reason, it’s backed up with a password. Therefore, you could have the most secure biometric in the world, but if it fails and your PIN is still simple, hackers will easily get in.
“There is a lot of human error that goes along with biometrics, but we think there is a space for both; it’s giving users options.”
PixelPin’s solution is arguably more secure for the future of the industry. The number of different points that can be chosen on a picture are much greater than the number of characters for a password. Furthermore, the points that an individual chooses cannot be guessed by a hacker.
There is no algorithm that can be used to follow a visual pattern. Developing a product that delivers this level of accessibility and security is hard, and will always need worked on as other ideas and consumer demands come to light.
Speaking about the hurdles the company has faced, Steele states: “As we grew, we had to work out how we could make our technology applicable to all devices. We evolved the product several times to continue to make it easy as possible. I would say the product is always evolving; if, for example, a user is confused about the four points, then we as a team should embed more information to guide them.
“We are always developing, and this is how we see the future of authentication. It’s about the talking to customers and really listening to their needs.” Steele highlights that one of the biggest hurdles facing the whole industry is being able to properly manage and defend against automated bots.
Hackers are creating their own bots that can attack business systems and access consumer details. Security measures are certainly improving, but different countries are moving at very different paces. PixelPin has opened an office in Japan, where everything is described with picture, making it the perfect place to launch picture-based authentication.
Steele notes that Asia in general is far more fast-paced than the UK and Europe. The UK in particular is a little more hesitant about fully adopting solutions like PixelPin’s.
Consumers do not necessarily like passwords, but they know them, so the challenge is to change mindsets on alternative authentication methods. With all this in mind, Steele turns to the next part of the PixelPin mission.
“In terms of evolving, we are currently looking at how we can partner with other different solutions to make our offering stronger,” she explains.
“For example, we may partner with a behavioural biometrics company. With a partnership like that we could actually track how you authenticate. We could also track the length of time and monitor changes in patterns.
“From an innovation perspective, we are looking at pictures and perhaps moving images. We are very live in Japan, and they are very big on Pokémon. Potentially you could use your favourite Pokémon character, and as you move between points, the Pokémon moves. It’s a prototype currently, but definitely something on which we are gathering insight.”