GATE password system

I updated the links in three posts.

FYI, your Trust Level (TL) is now level 1, Basic user, so you can create two links in a post.

If you want to understand the TL progression in Discourse then see this article:

Very helpful, thank you :slight_smile: !

Perhaps I am missing something, but if you are running a password manager on a modern mobile then the device becomes a second factor. Ideally it is secured with biometrics (in which case there is nothing for hidden cameras to record), or failing that, device and app PINs (which are useless unless you also have the device). Desktop login requires TFA from the mobile, so knowing the master password is not enough.

However, the biggest problem I see with GATE is that of acceptance and adoption. It will be very difficult to get the IT industry to switch to and promote the use of 4-6 character PINs which appear to undermine their previous best practice advice, policies and complexity requirements. For end users I think the UI will be a barrier to acceptance. The “wall of hieroglyphs” looks very complex and I suspect will have some accessibility issues. From the demo videos it clearly takes some time to hunt for your tokens (which may not even be there). I imagine entering a 6 character PIN would be like completing a puzzle each time you login and soon become frustrating.

Storing the whole passcode server-side seems to be a step backwards from the current practice of using hashed passwords. If the server is compromised then your passcode could be revealed and is bad news if you have used the same one for different systems. If you want to have different hieroglyph sequences for every system then you are back to needing a password manager…

What if a hacker uses a hidden camera to steal the master password from a user, then befriends him and gets hold of his device while he is in the shower/asleep/drunk and logs in without his consent?

Old rules were designed for old systems, new rules should be established for new systems.

@boistordu, I just updated my https://gatecybertech.com/gate.html page, now it’s in the “preferred” format, feedback welcome :slight_smile: ! [ If you see typos, please let me know. ]


This is much better.

Even if there is some page setup problem.
Now you should separate this one page into different pages with specific topics.
Reviews shouldn’t be on the same page; they should be on another page.
Same thing for about me, contact and sources if you want to put one,
etc.

I don’t want to scroll endlessly on the page.

Thanks for the advice, but it feels like a free bird being put into a cage, painful! Once a free bird becomes a caged bird, the spirit of freedom and innovation will be gone; it will only know how to fly within the boundary of a few inches, no more “sky-is-the-limit” kind of ambition or “out-of-the-box” kind of mindset. I’ll be just another paper pusher, hope not :wink:
I’ll do it on Mon.

I understand what you feel. I really do. But I think you still have the US idea of freedom (I’m not saying that you are a US citizen). Well, I can tell you that’s just a fantasy. It’s not how research is done. It’s not the reality. And it has never worked like that, actually.
You always base your work on others’ work. Always. You don’t invent out of thin air. It depends on your background, your acquired knowledge etc.
So researchers are not paper pushers. The paper pushers are only those who won’t do anything to actually make their idea work, those who create patents and wait in the hope that companies are going to contact them to buy their patents. Those are the real paper-pushers, because their only goal is to create conceptual ideas, the more generalist the better, and hope for a financial income some day because of that…

You want to transform your idea into something real. Well, it’s time to do what needs to be done to be recognized. People are not going to accept you the way you are just because. There is no “just because” in the world. So if you want something from other people, you need to adapt and acquire their protocols for being recognized as a peer.

Freedom in this case is only valid when you live alone like Tom Hanks on an island and draw smiley faces on balls. So please just forget about it.

You need to have a presentable idea to show to the people in charge, then we can discuss who to contact and how, and also we can upgrade your code.

And about that, you still didn’t tell me whether you’ve followed design patterns or not. Is your code documented enough for a 5-year-old to understand?

Yes, you are right, I see your point of view. But since I’m not in this field, I really don’t like the formalities, you have to do things this way, that way … I still enjoy being me, doing things the way I like, and hence the “freedom” I referred to: being able to think and do things “outside” the beaten path, so new things can be discovered; there is hardly anything new on the road millions of people walk every day.

You do have a point, this unorthodox habit I have is hardly acceptable in the research circle. I couldn’t care less about that, except that I do hope a one-in-a-million sharp-eyed expert in this field can see through the mist and understand the true value in my innovation and the benefit it can bring to the security of the digital world. To be more “understandable” by the majority of the research community, I’m following your advice to rearrange the content into a more acceptable format.

I will also include the content of my 2nd patent [ GATE Encryption ]; it uses the GATE system as the basis for message/data encryption, this might take a bit longer. It’s a new way of encrypting data: the same message can be encrypted into a 1 MB file, a 100 MB file or a 10 GB file, sort of burying information in a mountain of irrelevant data; its parameter is adjustable.

I generally follow the object-oriented design pattern, but regarding the source code, I’m still not convinced it’s in my best interest to make it open source. It will make sense if a consortium [ for identity management, for example ] or a large corporation like Google, MS or IBM can see the value in the GATE system and purchase the source code, then make it open source; that will be more acceptable. It will reduce my burden and at the same time advertise for that organization and benefit the developer community. This type of situation has happened many times before. Hope it can happen this time.

OK, done, I’ve just updated the site, now with GATE encryption details, enjoy reading. Feedback welcome :slight_smile: !

No security is going to stop the most determined hacker. For the GATE system a hacker just needs to social engineer, threaten or blackmail the target into revealing their 4-6 character PIN. No physical access is required.

Storing the whole passcode server-side presents another attack vector for the determined hacker.

You didn’t address usability and accessibility. Have you carried out user acceptance testing with a significant test group? If so, how did they find the “wall of hieroglyphs” user interface? How many different PINs could they memorise and successfully pick from the grid?

I agree partially with your statement when you said “No security is going to stop the most determined hacker”. A traditional password system is like regular glass: one shot and the person behind the glass is dead. GATE is like bulletproof glass: it can withstand multiple shots, and by the time you realize someone is shooting at you multiple times, you could have got away [ changed your GATE passcode ] instead of staying there and being shot at. It greatly reduces the chance of being breached, and most hackers will go find some other easier targets.

You have to balance the risks of either side, by not storing the encrypted passcodes on the server-side, you have another set of problems …

Your last question shows you haven’t tried the GATE authentication system. Once you learn how it works, it’s NOT as hard as it seems. For the hacker, yes, it’s hard; for the user, it’s easy to use and, more importantly, secure.

Each dimension of symbols will have a fixed location on the token/button: the 1st dimension has all the numbers, which will only appear in the upper left corner of each token/button; the 2nd dimension has all the letters, which will only appear in the upper right corner of the tokens/buttons … and so on. Therefore if a user’s passcode is all numbers, the user only needs to concentrate on the upper left of each token to see if his pins are on the screen, and if his passcode is all letters like “pdacf”, he only needs to look at the upper right corner of each token to locate his pins; they won’t appear in the other 3 corners. This will help the user quickly enter his passcode.

I’ve done some tests on my own. I can scan the table with my eyes and quickly locate the pins among other symbols; it only takes a second or so for each pin to be entered. You can verify that by looking at the videos I made, and if you don’t want to take my word for it, just set up a camera and try it for yourself, maybe you can do it even faster than me :slight_smile: !

But, please keep this in mind when you compare the pros and cons of the GATE system with traditional password system :
[1] Can it defeat peek-over-the-shoulder ?
[2] Can it defeat keylogger ?
[3] Can it defeat phishing ?
[4] Can it defeat video recording ?
[5] Can it defeat dictionary attack ?
[6] Can the system make it easy for the users when it comes to requirements like lowercase, uppercase, numbers and special characters, at least 8 characters long, change every 2-3 months …

After you compare the answers of all the above questions, THEN come back and ask “usability and accessibility”, which is more important ? Is GATE SO HARD TO USE that you’d rather trade all the above advantages for the little bit of “usability and accessibility” ? Actually the requirements of the current system MAKES IT VERY HARD TO USE AND YET STILL NOT SECURE ! Don’t you think so ?!

Speaking of which, there are actually some studies done on this topic for the current password system. If you are interested, you can find them at http://cups.cs.cmu.edu/ [ Look for “Passwords and authentication” in the middle of the page ]. It was toward these weaknesses of the traditional password system that GATE was born. If anyone is interested in doing some “usability and accessibility” study on GATE, they are welcome; there are FREE sample demo GATE apps available for the test.
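To make the mechanics discussed in this thread concrete, the following is an added simulation written for this page; it is not GATE’s code and the author has not published the real algorithm. It models only what the posts describe: a grid of tokens with one symbol per dimension in a fixed corner, a user who scans the corner for each passcode symbol and clicks the first matching token, and a server that checks the clicks. Everything else is an assumption and is labelled as such in the code: an explicit “absent” button for a symbol that is not on the grid, one symbol per dimension per token chosen with replacement, and the two extra alphabets (card suits and shapes). The `observer_rounds` function plays the camera attacker from questions [4] and the later “N > 0” argument: each recorded login only narrows a passcode position to the symbols on the clicked token, so the attacker intersects those sets across recordings and the simulation reports how many recordings N it takes in this model.

```python
import random

# Four symbol dimensions, each shown in a fixed corner of every token. The
# thread names numbers (upper-left) and letters (upper-right); the other two
# alphabets (card suits, shapes) are assumptions made for this model.
DIMENSIONS = ["0123456789", "abcdefghijklmnopqrstuvwxyz", "♠♥♦♣", "△○□☆"]
UNIVERSE = set("".join(DIMENSIONS))
ABSENT = -1  # assumed "my symbol is not on this grid" button


def make_grid(n_tokens, rng):
    """One login grid: each token shows one random symbol per dimension."""
    corners = [rng.choices(alpha, k=n_tokens) for alpha in DIMENSIONS]
    return [tuple(tok) for tok in zip(*corners)]


def dimension_of(sym):
    return next(d for d, alpha in enumerate(DIMENSIONS) if sym in alpha)


def user_enters(secret, grid):
    """The user scans only the corner belonging to each symbol's dimension
    and clicks the first token carrying it, or ABSENT if none does."""
    clicks = []
    for sym in secret:
        d = dimension_of(sym)
        hits = [i for i, tok in enumerate(grid) if tok[d] == sym]
        clicks.append(hits[0] if hits else ABSENT)
    return clicks


def server_verify(secret, grid, clicks):
    """Server-side check. A click only says "one of the symbols on this
    token", so the server needs the passcode itself to decide."""
    if len(clicks) != len(secret):
        return False
    shown = {s for tok in grid for s in tok}
    for sym, c in zip(secret, clicks):
        if c == ABSENT:
            if sym in shown:
                return False
        elif not (0 <= c < len(grid)) or grid[c][dimension_of(sym)] != sym:
            return False
    return True


def login_round(secret, n_tokens, seed):
    """A single deterministic login: the grid shown and the user's clicks."""
    grid = make_grid(n_tokens, random.Random(seed))
    return grid, user_enters(secret, grid)


def observer_rounds(secret, n_tokens, seed, max_rounds=50):
    """Camera attacker: after each recorded login, intersect what is learnt
    about every passcode position. Returns (recordings needed, recovered)."""
    rng = random.Random(seed)
    cands = [set(UNIVERSE) for _ in secret]
    for r in range(1, max_rounds + 1):
        grid = make_grid(n_tokens, rng)
        clicks = user_enters(secret, grid)
        shown = {s for tok in grid for s in tok}
        for i, c in enumerate(clicks):
            cands[i] &= (UNIVERSE - shown) if c == ABSENT else set(grid[c])
        if all(len(s) == 1 for s in cands):
            return r, "".join(next(iter(s)) for s in cands)
    return None, None


def average_rounds(secret, n_tokens, trials=200, seed=0):
    """Mean number of recordings before the whole passcode is pinned down."""
    rounds = [observer_rounds(secret, n_tokens, seed + t)[0] for t in range(trials)]
    return sum(rounds) / len(rounds)


if __name__ == "__main__":
    for size in (9, 16):  # the 3 x 3 and 4 x 4 grids mentioned in the thread
        print(f"{size}-token grid, 4-symbol passcode: "
              f"{average_rounds('pd♠7', size):.1f} recordings on average")
```

Two things to take from running it: a single recording never suffices (each click leaves one candidate per dimension), which is the “bulletproof glass” property, but a handful of recordings of the same passcode does, so the N the author refers to is small unless the passcode is changed between recordings. The `server_verify` function also shows why a hashed credential store does not drop in directly: the server compares individual symbols against the grid, so it must be able to recover them.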

I did. In your test with a real user he took around 12 seconds to enter a very simple 4 character PIN (card suits).

Now imagine you are using more complex 6 character PINs and have 10 different passcodes. Now imagine you have dyslexia or impaired vision.

A biometric-based password manager meets all your questions and has the added security of a second factor and of not storing whole passwords. Login is almost instant.

In my example it showed a 4 x 4 table; there are also 3 x 3 and 2 x 5 tables, which are more user friendly. Also, the video above showed an old version of the UI; now there is a newer version of the UI, which looks better.

A lot of places are starting to ban biometrics. Besides, if your biometric data gets breached, what are you going to do? A facial reconstruction, or change your eyeballs :slight_smile: ?!

What percentage of the population is blind? What about the majority?
And even for the blind, there are devices like this to assist blind people, also this one. They can be customized for GATE, use your imagination.

3-D printers help override biometric security measures

4 drawbacks of biometric authentication

The percentage who are completely blind is very low. However, many more have an impairment which means they may have difficulty reading a grid of mixed characters. When you also add dyslexics you reach around 20% of the population.

Biometrics are not perfect and there is certainly room for improvement. It won’t be long before we have continuous sampling: small samples of fingerprints, voice, face and iris which are combined to authenticate and grant access.

Biometric data could indeed be breached. But I would still prefer that, combined with the extra protection of something I know and something I have, rather than a single 4 character PIN which could be hacked remotely. CPU vulnerabilities and good old human error place stored passwords at risk, as news reports frequently prove.

It would be interesting to see what some video recording and analysis of the GATE system would reveal. If people are forced to remember a password they will pick something easy to remember and therefore predictable. I also suspect that people will take an identifiable amount of time to determine that their character is not present in the grid. With just a 4 character PIN I suspect it wouldn’t take too many runs for an AI/ML system to determine the correct passcode based on input times, pattern sequences and a trained neural network.

I’m surprised you know so much about the 20% of people who might have difficulty, and care so much about them, that you’d rather leave the other 80% at the risk they are currently facing daily.

While you can improve on a biometric system, hackers can also improve their hacking techniques against it.

That something you have [ fingerprint, facial feature, iris, key fob, cellphone … ] could all easily be used by someone else [ a hacker ] to log you in without your consent. Imagine Tom Cruise befriends a target [ female ] and becomes her boyfriend; he easily gets her fingerprint, or uses a hidden camera to log her in, or has access to her cell phone while she is in the shower/asleep/drunk … so KNOWLEDGE is still the most important part of authentication: it shows your intention to log in, while something you have can be “hijacked” without your consent.

When comparing GATE to the current system, please keep in mind the number “0”: that’s how many times the current system can withstand a keylogger or video recording. For GATE it’s N, and N is definitely > 0, so what’s the point of talking about an “AI/ML system” or a “trained neural network” while what you have now is “0”?

Sure, I understand not everyone would like GATE, for whatever reason, but for someone with high value accounts, with a clear picture of what he is facing in the dangerous digital world, bulletproof glass is better than regular glass. I would envision the old and new systems existing side by side and letting users have a choice: if they like the old system’s simplicity, use the old login format, but if they value the security of the GATE system, use the GATE login format. Users of the old system will gradually be won over by the new system, as traditional password systems are easy targets for hackers.

And if an organization can offer their users the choice, it might improve its security, especially for critical accounts.

I am surprised you care so little about so many millions of people. We should aim to design inclusive technology which is accessible to all.

GATE does undoubtedly have the advantage of protecting against over-the-shoulder hackers. But it loses out by being single factor and requiring the whole passcode to be stored. Your Tom Cruise secret agent just needs to hack the server (physically or remotely) to obtain everyone’s passcodes. No need to befriend people, record them, clone their biometrics, or obtain their devices.

Don’t forget that someone using a password manager is not necessarily going to be typing passwords, in which case keyloggers and video recording are useless.

I will continue to watch with interest how widely adopted GATE becomes. I can see it having some applications. Perhaps as a replacement for numerical door keypads. In which case the name is very apt. :wink:
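The server-side storage point raised several times in this thread (plaintext passcode versus hashed password) is easy to show in code. The example below is added for this page and is not code from GATE or its author; the scrypt cost parameters are assumed values. `PlaintextStore` is the situation the critic describes, where a copy of the database table is the passcodes; `HashedStore` is the conventional practice of a per-user random salt and a slow key-derivation function, where a copy of the table forces the attacker to pay one KDF call per guess per user. The caveat, consistent with the thread, is that `HashedStore.verify` only works because the user submits the whole passcode for comparison, which a grid-click scheme does not do.

```python
import hashlib
import hmac
import os

# scrypt cost parameters: assumed values for an interactive login (16 MiB).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def derive(passcode, salt):
    """Slow, salted digest of the whole passcode."""
    return hashlib.scrypt(passcode.encode(), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


class PlaintextStore:
    """What the thread says GATE does: the server keeps the passcode itself."""
    def __init__(self):
        self.rows = {}

    def enroll(self, user, passcode):
        self.rows[user] = passcode

    def verify(self, user, attempt):
        stored = self.rows.get(user)
        return stored is not None and hmac.compare_digest(stored.encode(), attempt.encode())


class HashedStore:
    """Conventional practice: per-user random salt plus a KDF digest."""
    def __init__(self):
        self.rows = {}

    def enroll(self, user, passcode):
        salt = os.urandom(16)
        self.rows[user] = (salt, derive(passcode, salt))

    def verify(self, user, attempt):
        row = self.rows.get(user)
        if row is None:
            return False
        salt, digest = row
        return hmac.compare_digest(derive(attempt, salt), digest)


def crack_dump(store, guesses):
    """Offline attacker holding a copy of the table: plaintext rows are the
    answer; hashed rows cost one KDF call per guess and yield only hits."""
    recovered = {}
    for user, row in store.rows.items():
        if isinstance(row, str):
            recovered[user] = row
            continue
        salt, digest = row
        for g in guesses:
            if hmac.compare_digest(derive(g, salt), digest):
                recovered[user] = g
                break
    return recovered


if __name__ == "__main__":
    for store in (PlaintextStore(), HashedStore()):
        store.enroll("alice", "pd♠7♣k")  # constructed sample passcode
        print(type(store).__name__, "dump yields:", crack_dump(store, ["123456", "qwerty"]))
```

The guesses list stands in for a dictionary attack; against the hashed store each entry costs a full scrypt evaluation per user, which is the cost the plaintext store removes entirely.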