GATE password system

Password managers only solve part of the problem [ too many passwords to remember ], but leave the other important part unsolved [ user pin exposure during login : peek over the shoulder / keylogger / video camera ], if you rely on them for your first part of the problem, they might come back and bite you big time for the 2nd part of the problem, because once your master password is exposed [ keylogger/ hidden camera ], all your passwords will be stolen. There is now an innovative way to use short and easy to remember passcodes to protect your accounts, it won’t expose user pins during the authentication process, easy for you, while hard for the hackers, more info and online demo at : gatecybertech [ dot ] com
[Edited to add link because new members can’t on day one. Also checked URL at Virustotal]

It has won 5 international cybersecurity innovation awards, try it for yourself.

Their website feels the scam…
but yeah okay why not. Now you need to lobby on the forums of the password managers to ask for that system.

The site isn’t very attractive but I didn’t see a scam. It is an interesting solution to a common problem.

I expect to add it to the password manager poll for 2021.

@boistordu, What do you mean “Their website feels the scam”, I’d like to know how to make the site not look like scam ? Feedback welcome !

@Remah, thanks ! There are 3 versions of demo so far : [1] Java Swing desktop version [2] Online live web version [3] Android demo on Google Play. I encourage interested users to give it a try, play with the concept and offer some feedback, pretend to be a hacker and see how hard it is to try to steal passcodes from the GATE system, even if you set up cameras to record user login sessions …

I did a demo in Atlanta Tech Village, the video is on my site [ at the bottom : " More info : Problem, Solution, Benefits, Application, Threats, Statistics & Videos" ]


I’ve moved this into a separate topic because our discussion has moved beyond the poll.

My main issue with the website is that I couldn’t see the maths. GATE raises the bar by making it more difficult for keyloggers etc. but it doesn’t eliminate all the risks. So what are the theoretical probabilities associated with each detection method calculating the correct code for different password lengths? In other words, GATE adds x bits or y magnitudes of difficulty to guessing the password for each method used to crack the password.

Short passwords are good but short passwords are still more easily cracked. So what is the minimum password length that makes it impractical to try to break it before the password is regularly changed?

How does GATE protect password changes, which seem to remain a key issue?


I’m away from my desktop for a while so looked at the GATE site on my phone. It looks a lot better than on desktop. On Firefox desktop and Windows 10 I was getting a serif font. On Android 9 Chrome it is sans serif.

I’ll check again when I get to my desk.

Great, I’m glad for what you did, there are several points I want to address :

[1] We are all technical people, so let’s get over the LOOK OF THE SITE, and get to the essence of technology, doesn’t matter how the site LOOKS, if it’s garbage, it’s still garbage, if it’s Nobel Prize winning innovation, it deserves to be shared and benefited by millions, am I right :slight_smile: ?!

[2] There are free sample demo apps, I encourage you to play with them to find out for yourself about the parameters you are looking for, I don’t want you to take my word for it, get a hands on experience with the GATE system and you can explain it better to others after you have the experience.

[3] Here are where to find the 3 demo versions :
[a] Online web version : from my main site, click the “Try GATE free” button. The user data is erased over night, so if you created an account today, and played with it, the account won’t exist tomorrow. You will have to re-create it.
[b] Android version : from my main site, click the “GATE Android Demo [ Free Download At Google Play ]”. This is the latest version, with colors, I’ve tested it on my Samsung Galaxy phone, it looks good, but it should also run on other Android devices.
[c] Java Swing desktop version : from my main site, click the “Licensing, sample software, and comprehensive training available.” link at the bottom of the page. This is the ORIGINAL implementation, done a few years ago, it may not look as fancy as the other 2 versions, but it has something the other 2 versions don’t have : Auto demo with highlighted user pins on screen and “Text Login” which shows the internal data flow of the GATE system, how the symbols are passed around, and what if the communication is intercepted, what the hackers will see, from there you can play the hacker’s role and try to guess the GATE passcode [ assume your friend created the passcode, you didn’t know but you intercepted the transmission ]. Fun to play with …

[4] Basically what GATE is trying to achieve is the following :
[a] Solve the main problem current password system has : user pin exposure during the authentication process, by peeking over the shoulder, keylogger or video camera.
[b] Requirements for passwords that make them hard to remember : lowercase, uppercase, numbers and special characters, at least 8 digits long, change every 2 ,3 months …
[c] Higher costs of bio-metrics and yet still not safe for security [ if you allow me to add links, I can show you much more info :slight_smile: ! ].

[5] I WELCOME YOU TO DO A DEEP comparison of the current password systems and the GATE system in the following areas :
[a] Peek-over-the-shoulder
[b] Keylogger
[c] Hidden camera
[d] Wire tapping
[e] Password/passcode requirements
[f] Phishing
[g] Dictionary attack
And see which one is better in each area.

So to answer your question briefly : I would say a 4 to 6 digit long GATE passcode is strong enough, again, play with the demos and get your own conclusion, enjoy the hacking :slight_smile: !


:thinking: No.

Looks matter to people. First impressions are important. The people who most need this are less technical and need more hand holding.

The site isn’t convincing. I’m technical and you haven’t persuaded me because there is little technical info. I can see some benefits but they aren’t sufficient to persuade me to try it because of the time cost to evaluate it. If I were to deeply evaluate your software then I’d have to drop other voluntary commitments I’ve made like devoting some time to this site.

The reason it’s not technical was I made it too much so before, I was told no one would be interested in it, so now it’s less technical, try the following site for more details :slight_smile:



Sorry if I’m not very fast to answer but I don’t consult all my forums every day or I would only do that.

So Why this website feels the scam.
For working in a specific line of work linked to that, this website resembles a scam Chinese website made with FrontPage under Windows XP.
Plus there is no point to this website, or it’s not enlightening. Plus I don’t know what you are expecting from the visitors of that website or even from us in the forums. And I certainly don’t know who you are around this project and why you are implicated in it. But maybe I missed that information.

A few tips now from the industry itself.
You will receive a lot of opposition in the industry.
LastPass is a slow administration machine for example, because of LogMeIn. So they are not all that into innovation.
1password, their security officer is very opposed to any new changes and has a strong standpoint in terms of security. So it has never been possible to make him accept the necessity of a PIN code, only biometric. The use of yubikey in comparison to others like lastpass for example or keepass, is very limited etc etc
Dashlane is polluted with links to the publicity and big data companies
Enpass has never been clear on their financial situation
Bitwarden has built its app on node.js and doesn’t want to change it even if we know that node.js is the biggest hole in computer security at the moment
etc etc

So the only way you will prove your effectiveness, if you are one of the dev of the system of GATE, is
1/ prove your system works through a whitepaper.
2/ prove the system works in an opensource project, it could be bitwarden, it could be keepass etc. But you actually need to implement it yourself, so it means to put it right now since it’s already an old tech (2018) to work to release in a month the code on github on a fork of bitwarden or keepass so that the main contributor can analyze it and maybe accept it in its original code.
3/ when all that is done, then contact every major INDEPENDENT password manager (so not norton, mcafee or I don’t know what else), but so people who are in the actual business of only doing that and discuss with them about the adoption of the system by their teams.
Which is exactly what Apple did with the game video industry in the 90’s. Help the actual dev to adopt your systems.
I would suggest to go through Troy Hunt for 1password.
Ask for a meeting with lastpass security officer and make some lobbying on twitter to them or even go through Linus Tech Tips for them to realize the importance of the project.
Directly speaking to the Mozilla security officer who happens to be very open and very welcoming I think.
By targeting some of the people who are those about who we talk the most in cybersecurity community, on twitter #infosec, on privacytools, on the different cybersecurity opensource project like whonix - qubesOS - purism etc You will have the adoption of the others more easily.

What could make the adoption easier, would be that you already coded the needed libraries to make your addon to work with different projects.
It’s maybe not to you that I need to lecture you about the how to structure the code but I’m pretty sure you know what I’m talking about, Design Patterns. If you design well enough your code, you will be able to create cross platform libraries which would be able to be used with different interface’s libraries etc.

So the Website if you want to present this project and to make it public, then do something minimalistic like
maybe even more complex like the citizenlab

As you can see they do that under the form of an article. They don’t use blue background. It’s classy, minimalistic, clear. And Most importantly the work needs to be sourced.
And also, don’t use third API in the website build. Does citizenlab use third party ? No and it is way bigger than your website. Same goes for the other cybersecurity websites.

So again I don’t know who you are, I don’t know what’s your implication in this etc. But that’s already some leads you can go with.

Woo, lots of information. First of all, I’d like to thank you for your “frankness” by pointing out a lot of “obvious” weak spots in my post, I never realized that readers might not like that, I guess I got past the “skin”, but to others, what they see is the “skin” :slight_smile: !

You are like a mirror, I see my reflection through you, THANK YOU VERY MUCH !

Although I’ve been in software development for many years, but since I’m not in this field [ password security ], I don’t have that knowledge. I got into this area 5 years ago after watching a PBS show called “Rise of the Hackers”, which pointed out that password is a weak link in cybersecurity, and it bothers me that nowadays there are so many requirements for the passwords : lowercase, uppercase, numbers and special characters, at least 8 digits long, change every 2,3 months. Who can remember that with so many accounts ? I can’t !

Because I’m a person who likes to solve problems, I thought maybe I can do something about this and fix the password problem. So I looked at it and realized the root cause of the problem is the obviousness of the password authentication process, if your password is “123”, when you enter it, you do it one digit at a time : “1”,“2”,“3”, and if this process is intercepted by a hacker [ peek over the shoulder, keylogging or video recording ], he can steal it right away. So I thought maybe we should hide the pins among other symbols, so when user enters them as a group of symbols, then the password won’t stand out and won’t be obvious, something like this : “a1#~” , “y2+/”, “&3%$”, 3 tokens, each has 4 symbols with user pins mixed in with other symbols.

Yes it’s not obvious for sure, but what a hassle, too much trouble, right ?

So why not let the server generate those groups of symbols [ tokens ], and present them to the user on the screen and let user select which token to enter for each pin in his password, then the idea was born.

But then I realized, if I’m a hacker trying to steal user password/passcode, I can record his login sessions and do a comparison, then figure out which one is the first pin, which one is the 2nd pin, and so on. Like the following, assume I intercepted user login 3 times :
[1] 1st time : “a1#~” , “y2+/”, “&3%$” [ Don’t know which could be user pins ]
[2] 2nd time : “v1%!” , “p2/+”, “=3^$” [ 1st pin is “1”, 2nd could be “2”, “/”, “+”, 3rd could be “3”, “$” ]
[3] 3rd time : “h1$!” , “x2=%”, “&3*?” [ 1st pin is “1”, 2nd is “2”, 3rd is “3” ]

1st time I don’t know, 2nd time I can figure out that the 1st pin must be “1”, 3rd time I’ll know the whole password is “123”.

Therefore I came up with a way to hide some pins, and this would make hacker’s guesswork MUCH HARDER, because some user pins could be missing each time, and when a pin is missing, user can and must use a wildcard in place of that pin, therefore user can authenticate [ the server knows which pin is intentionally missing because they are generated by the server ], but the hacker won’t know when/where a user pin is missing in each login session, it changes every time.

Then I came up with an easy to remember name for this process : GATE : Graphic Access Tabular Entry.
The rest is history … I implemented it in Java, and now there are 3 free demo versions, also based on the GATE system I came up with a data encryption method, and got 2 patents for them.

Well, back to what you were saying … what is “FATE”, I looked it up, couldn’t find what it means. You seem to know the field quite well, do you see a potential for the GATE system :slight_smile: ?!
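
The session-comparison reasoning in the post above, as an added example that is not part of the original posts or of GATE's code: it intersects the symbols seen at each pin position across recorded logins, first on the three sessions quoted above and then on simulated logins. The 48-symbol pool, the 4-symbol token size and the model of a hidden pin (an observed token that simply lacks the pin) are assumptions made for the simulation, not GATE parameters.

```python
import random
import string

# The three intercepted logins quoted in the post: one 4-symbol token per pin.
POST_SESSIONS = [
    ["a1#~", "y2+/", "&3%$"],
    ["v1%!", "p2/+", "=3^$"],
    ["h1$!", "x2=%", "&3*?"],
]

# Assumed symbol pool for the simulation (constructed; not GATE's real symbol set).
ALPHABET = string.ascii_lowercase + string.digits + "#~+/&%$!=^*?"


def candidates(sessions):
    """Per pin position, the symbols present in every observed token."""
    sets = [set(token) for token in sessions[0]]
    for session in sessions[1:]:
        sets = [s & set(token) for s, token in zip(sets, session)]
    return sets


def make_token(pin, rng, hide=False, size=4):
    """Token of `size` distinct symbols; contains `pin` unless `hide` is set.

    Assumption: when the pin is hidden, the wildcard entry looks to an
    observer like an ordinary token that simply lacks the pin.
    """
    pool = [c for c in ALPHABET if c != pin]
    symbols = rng.sample(pool, size if hide else size - 1)
    if not hide:
        symbols.append(pin)
    rng.shuffle(symbols)
    return "".join(symbols)


def observe_until_settled(passcode, rng, hide_prob=0.0, limit=50):
    """Feed simulated logins to the intersection until it settles.

    Returns (sessions_seen, guess): guess is the recovered string when every
    position has exactly one candidate, or None when a position emptied out
    or `limit` was reached.
    """
    observed = []
    for n in range(1, limit + 1):
        observed.append(
            [make_token(p, rng, hide=rng.random() < hide_prob) for p in passcode]
        )
        sets = candidates(observed)
        if any(not s for s in sets):
            return n, None
        if all(len(s) == 1 for s in sets):
            return n, "".join(next(iter(s)) for s in sets)
    return limit, None


def recovery_rate(passcode, hide_prob, trials=500, seed=1):
    """Fraction of trials in which the intersection yields the true passcode."""
    rng = random.Random(seed)
    hits = sum(
        observe_until_settled(passcode, rng, hide_prob)[1] == passcode
        for _ in range(trials)
    )
    return hits / trials


if __name__ == "__main__":
    for n in range(1, len(POST_SESSIONS) + 1):
        print(n, [sorted(s) for s in candidates(POST_SESSIONS[:n])])
    for p in (0.0, 0.25, 0.5):
        print("hide_prob", p, "recovery rate", recovery_rate("123", p))
```

An empty or wrong intersection only shows that this strict comparison stops working once pins can be hidden; it is not a measure of how many bits the scheme adds against other kinds of analysis.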

Hi Frank.

Sorry if I was a bit harsh.

So first I mistyped GATE… I didn’t want to say FATE.
So are you one of the LinkedIn profiles on your website?

And yes I think there should be a place for you in the whole industry. But first you need to prove that it is actually working for the intended purposes. And for that we need to see some WhitePapers. You mentioned several scholars on your page… Where are they ? You should have a presentation page of who you are on your website.
Did you prove the effectiveness of your system? You can look to how Joanna Rutkowska has done her whitepaper about qubesOS for example.
Because okay, you have a patent. But do you have an actual team like you describe on your website? That’s also why it feels like a scam, because you don’t say anything about the context etc.

So please first the website to clarify your situation, the situation of your project, and the team working on that and all the sources people should need to evaluate your work.
If you really want to do a complete website then do something small like :
And you really should begin to review your code to make it opensource.
As stated
and so
even the US army has made its transition to opensource. And it’s not because it’s opensource that you can’t make money out of it. Don’t worry about that. But first unfortunately you have to prove yourself and that’s the only way you are going to achieve this since your project is mostly a plugin part or an add-in to the existing software.

Yes, I have a LinkedIn profile, but I use that mainly to advocate for the GATE innovation, it only shows how long I’ve been working on the project, not my software developer career, if you are interested I can show you my resume site where my past jobs are listed.

I did have a whitepaper published on a PenTest Meg site, but glasswire makes it hard for me to add links here, so can someone please turn this function on for me, so I can post more info on different sites.

There are 3 working versions of the GATE system, all free demos, you can try them :expressionless:

  1. On my web site

  2. From Google Play

  3. Download from my site a Java Swing desktop version.

I’m the only one working on this project. I have made some connections on the LinkedIn site and I’ve quoted their comments on the GATE system. Among them, I met Carl at an innovation award ceremony at the 2018 National Cyber Summit on June 7, 2018 in Huntsville AL.

Among the people I listed on my site, Ted Murphree knows my situation the best, you can find him on LinkedIn, he is now Senior Privacy Advisor at USAA, he used to be Assistant City Attorney, Information Technology, City of San Antonio. Also Assistant Professorial Lecturer at The George Washington University, he’s my mentor.

Another person whom I communicated with on LinkedIn is : Ramon Torres. He used to be Network Administrator at United States Marine Corps, he downloaded my Java demo app, and actually tested it, showed his co-workers how he logs in, asked them to guess his passcode, after several days, they still could guess what it was. We had a conversation about that, if you are interested, I can show you. Now he works at MS as Digital Security & Risk Engineer (Microsoft).

I don’t mind open source the GATE code, just need someone to show me the ropes, step by step so to speak. And it would be nice if someone interested in this innovation can take it for a run, what I mean is : a lot of things you talked about, like go to some place, incorporate it into “bitwarden / keepass”, I have no idea, so if you know someone who is good at those things can take my Java source code, and make it work the way you described, it will be very helpful, since I’m the original developer of the GATE system, I can tell him how my source code works and what it all means.

There are A LOT OF DETAILS in my 3rd link, post on 4-11 1:43, can someone fix that link please ?

What’s your name ? Can you introduce yourself :slight_smile: ?!

Okay I’ve been mistaken, your LinkedIn part of your page is your network of people who did try your system.

Sorry for that.

Begin to work on your website first as I first recommended you because this is urgent. And secondly read the different GNU or MIT licenses to see what you would be more comfortable with,
then when you did that, you need to put your code on one of the code sharing platforms like bitbucket, github or gitlab or make your own one like a gitlab and specify the license under which you are releasing it.
Can you do that rapidly?

Then it will be possible to move forward maybe.

Did you follow a design pattern for your addon?

Well, seems to me a lot is going on, let me explain what I mean, and hope you can see things from my perspective, and be understandable :

[1] Trust is mutual, you’ve said a lot about wanting to know who I am, what I do, whom I’ve been in contact with, whitepaper, look of my site … I can understand that, try to build trust/understanding with each other. But when I asked you to introduce yourself, what do I get ? Not even a name, so please understand from my perspective, I’ve invested 5 years into the GATE project, 3 years full time without a job, because I firmly believe it’s a viable solution to the current password problems. I have applied and received 2 US patents and applied for PCT international patents, which covers around 60 nations, so a lot of my time, effort and money are invested into this. When it comes to the future direction of GATE I take it VERY seriously, therefore if I’m getting advice from someone, I need to know that this advice is coming from a trusted source, am I right ? Wouldn’t you do the same ?! So that’s why I want to know who you are, what you do, and so on …

[2] When it comes to open source, I’m a fan of it and have benefited from it too, so your advice makes sense, and I’m thinking about what it means to GATE, but since I’ve invested so much time and $ into the GATE project, I have to pay a lot of patent fees, VERY expensive and keeps coming, shouldn’t I get compensated for the efforts I’ve put into this, shouldn’t I get paid for the software I’ve developed ?! Otherwise how do I pay for the patent fees ? I’ve been reading about how open source free software can make a profit, like by offering software support, by offering dual licensing models …, but that seems far away from me, how do I solve the current financial pressure ? I was thinking if some organization likes the GATE system, it will pay a licensing fee, buy my sample software and I can keep operational like that. But if I put the code into open source, who will pay my expenses to keep me going ?

[3] Speaking of which, I have another question, if open source makes sense and is SO GOOD, why GlassWire is not in open source, I specifically looked it up, there is a page saying what are the open source alternatives to the GlassWire app, and why GlassWire [ although not open source ] is better, so why should I NOT follow its example, why should I open source GATE ? There are free demo GATE apps anyone interested can try and test, see how it works, find the technical parameters, why do I need to give up the GATE source code for FREE ?! Who will recognize the efforts I’ve put into it ?

The concept is quite interesting and the website does look a bit off though I understand that is not the focus. It is reminiscent of an old site that would be littered with scam ads.

I would recommend editing your post to state that you represent Gate, as I feel like more direct disclosure would add to your credibility. I do absolutely like the concept I just feel like this is an advertisement without proper disclosure.

If your product becomes big I look forward to using it one day, regardless keep up the hard work!

Thanks for the encouragement, I tried to edit the old post, but it would mess up the link, as a new user, I can’t add link, someone has fixed it for me, so I’ll just leave it. Yes, I’m the one who came up with the GATE concept and implemented the demo apps. I had some old sites, my friends said they looked old fashioned, so I searched the web and found some top rated looks, and used the color scheme, came up with this new site. But now you are complaining again, I’m tired of going after someone else’s taste, I think it looks good enough for me, so I’ll just leave it as is. My advice is “Look past the skin”, see through the cloud and find the facts, the essence of the GATE system is to hide user pins during authentication, the rest is just a way to achieve that goal. If you like the idea, please share the site with anyone you know, the more people know about this concept, the sooner it will turn into reality :slight_smile: :

A definite improvement though small. :+1:

@Remah, could you help me fix the links in my last post, also the one on 4-10 9 pm. Thanks

I totally understand your frustration. And I empathize with your situation.
But Who I am is irrelevant. Let’s say I’m a nobody and that I’m a 16 year old kid having a heavy tongue. What does matter is what I say and is it logical? proved? and useful for you?
To every of these questions it’s yes.

It’s not that we need to build trust. It’s that you need to present YOUR work to the world. Did you see those links I’ve sent here? Do these scholars or researchers care about building trust? No they only want to prove something to the world to improve computer science in general. That’s all. Which should be our goal to all.
So no there is no building trust here. You asked us for our advice. Well, we are giving it to you.
Do you want your system to be adopted, YES or NO? This is a simple question .

And again I understand your frustration, but we are not talking about something personal here. And I understand that this is personal here for you. But it is really not.
The longer you wait to EVALUATE and I’m not even saying adopting my advices, just evaluate them. You are losing time.
Precious Time!

Because as you’ve stated the PCT international is only covering 60 countries. Not the world. And I’m even not sure that includes China. And China is the biggest robber of patents. Just look for a web search about patents conflicts US - China. So the more time you wait, the more chance there will be someone else in those countries who is going to come up with your idea but slightly better and provide it maybe for free or maybe otherwise but who would take the actual steps to make it known to the world and especially the industrial partners. WHICH YOU STILL DIDN’T DO AND THAT I’VE ADVISED YOU TO DO.
Do you understand how your point of view is so too much protective and so blocking you to adopt the right choices?

Now the question about the money you’ve invested in patents.
I totally understand your economical point of view about the money you spent.
And this is clearly something you need to take into account. THAT’S WHY I’ve told you to look for the content of the GNU and MIT licenses!!! Because it would give you the information you look for about your patents. You don’t seem to know much about opensource, but opensource is based on the fact that you present the code to other people but that doesn’t necessarily mean that you don’t keep your patents. You actually keep your rights over your code. People can incorporate it, and depending on the license you choose to publish your code, they will be able to actually change the code, propose some changes or use it for them. But they won’t be able to propose a paid product with your code assimilated into it.

So again dear @Frank_Ni, look for advices that prove themselves…
Not necessarily mine, only those who are common sense and/or those who are proved to be right by examples.

For your project to be presentable and to be professional, you don’t need to take the trendy looks for your website! You need to mimic all the presentations in the cybersecurity world which are all the same, since it is a cybersecurity addon for existent products already in place.
I’m going to re-insert my links I’ve given to you :slight_smile:

I’m under the impression that you didn’t even think to legitimise in your mind the links I’ve sent here. You didn’t look for those people.
You didn’t look who they were and if they were references in the world of infosec or infrastructure related.
Publishing your whitepaper on your website to prove your theory is common sense. An improvement in technology is made by publishing the concept idea with a white paper attached to it to prove that it actually works and to explain how it improves actually things, with numbers in counterpart of other theory or with the current situation.
Publishing your PGP keys with your contact information is also common sense.
Making a part of your website which is titled “about me” when you want your work to be evaluated is also common sense.
People, researchers, industrials are NOT going to evaluate your work unless you have already a company in your name who are lobbying them/ OR if you are lobbying them yourself which will result in the very specific case of industrials to fail/ OR you published the white paper who are actual proof of that your theory is working and improving things. This is also common sense.
Has the coronavirus crisis not taught you anything? Epidemiologists, doctors are not building a trust relationship to exchange their information. They are not talking to each other over the phone. They are publishing the studies. And then every one of the guys of each research team is reading it and they incorporate and evaluate the results in their own work.

So no I’m proving to you right now that you need to evaluate my advices independently from my identity. If you don’t adopt them, then fine don’t adopt them. Your loss. It’s me helping you there, not the other way around. I don’t care that your system is piercing one day or not. Someone else is going to fill the gap in the future if you don’t. And you better act fast, because soon the only thing who is going to be used to secure or login are going to be bio-metric or security keys like yubikeys. And even Yubico, is making a bio-metric security key right now as we speak. So if you don’t want to become irrelevant then act on it. Don’t wait on people to see through the mist or through the skin as you say it. If they don’t have what they are looking for as proof directly, they won’t contact you. That’s as simple as that.

And that’s why presentation is not enough, it’s just a small step to make everyone’s life slightly smoother.
The real step will be to learn about opensource licenses, publish your opensource code (And I’m sure you didn’t even read the MITRE report from 2003 I’ve sent), and then contact the different people I’ve appointed to you with all the materials ready to present to them the solution to a problem.

YOU are not going to be contacted by any industrials or anyone from this forum, out of magic just because they read your post and they did go see your website. Knowledge is being done by publicity. Since the beginning of time. This means people talking to other people like MASSIVELY! or publish on some platform which will acquire traction. This is also common sense and well published history whether it’s the Gutenberg invention or other inventions.

So yes it’s a hassle to redo your website. But what I’ve shown you is a way simpler structure and CSS coding and all that than the “trendy look” that you’ve been working on.

So now do what ever you want but don’t act like your work is done, nor like society or others have something to reward you with just because you think you’ve invented something without actual proving that the thing is working and that you’ve made everything possible to make other adopt your system.

And if all of that wasn’t crystal clear, I never reveal my identity over public forums. Only through mails with PGP to situation which requires my identity to be revealed or through encrypted chats to people I know or again to specific situations. But I don’t have to make something known to the world or to prove anything to the world, so this is a completely different situation than you.

And don’t expect people to share your website or your website being taken seriously by actual people in the industry if you don’t prove yourself first, and a demo is not proof… It’s just proof that maybe it is working as intended. But we are in computer science so what matters is white paper and Code. nothing else.

Glasswire doesn’t need to prove anything for example. They are giving an easy product to people for free and if you want to support it, why not. But this is basically a graphical interface that uses some opensource tools and nothing else. There are not complex algorithm about encryption or deciphering or protection that they invented it. They actually compile every knowledge in this field and every tools they could get and put into one with a nice interface. So this is not new technology here. That’s why glasswire don’t have to publish anything besides make themselves known as a company who sells a monitoring product. Do you see the difference here? And I would even go deeper, there is actually no proof what so ever that there is a complex algorithm who would identify a rootkit, which by definition is hiding from the system, and who activate notifications about its presence and its usage to the network. That would actually need some whitepaper to be published yes. But this is not the case. You could have a rootkit on your computer and glasswire wouldn’t notice it like the rest of the system.

I really hope that will clarify things in your mind. And even if you don’t follow our advices, I really hope that you will get through to make your system being adopted by one of the industrials in this field.

Best of luck.