With a mission to provide cybersecurity to individuals to safeguard themselves from threat actors, a Pune-based (Maharashtra, India) cybersecurity enthusiast came up with a password management solution in the form of a smart device.
By Minu Sirsalewala, Editorial Consultant, CISO MAG
Byteseal, a product of Elementik Technologies Pvt. Ltd., is a single authentication device; it is a native credential management platform that provides end-to-end password management solutions. Users can store their login credentials in a safe, secure and encrypted manner by delivering dynamic solutions with this device.
In an exclusive interaction with CISO MAG, Nikhilesh Wani, Co-founder and CEO, Elementik Technologies Pvt. Ltd., discussed the product and the upcoming features to address the password vulnerabilities due to human error in cybersecurity – the leading cause for most cyberattacks. The 24-year-old Wani, who has a Bachelor of Engineering (Electronics and Communication) degree, has the vision to help people take control of their digital security, but not at the cost of their freedom.
After two years of rigorous R&D, Byteseal was slated for a February 2020 release, but the onset of the pandemic disrupted the supply chain, and they were not able to launch as scheduled; however, it entered the market in May 2021. The company has put all the identity management solutions and products under the umbrella brand “Byteseal.”
Wani opines, “Our disruptive technologies are meant to replace the conventional method of managing passwords and makes it easy to deliver to customers a fast and secure login experience with just a tap. People and businesses will now be finally able to reduce cyberattacks and enable security for their users and clients.”
Human Factor in Cybersecurity
The Cybersecurity Framework is composed of multiple components. One aspect is malware protection, which can be taken care of with antivirus software, moving to the second part, identity management or access control. Access control systems and mechanisms based on username and password authentication are the weakest link in the cybersecurity setup, as humans tend to work with simple, repetitive passwords for multiple accounts. And when this practice is applied on a large scale at an enterprise level, it opens up a huge vulnerability to hackers. An organization may have state-of-the-art security, but all it takes is one weak password to compromise the entire system.
To solve the human error in cybersecurity, Byteseal came up with a method combining all the three authentication factors on one platform. The three authentication factors are OTP, access to tokens, and biometrics. All three are weaved into a single device termed as a personal authentication device. The device stores all passwords for all websites and can be activated with one touch.
The Byteseal device helps store and manage passwords, facilitating the use of complex, special character-based passwords that need not be memorized or written down for recall. In an enterprise scenario where hundreds of websites and applications are used daily and need authentication, the device can be used to manage passwords and for access control. This allows organizations to have stricter password policies in place with added control and an enhanced level of cybersecurity.
Organizations can monitor and manage the devices remotely and the user need not even know the passwords stored on the device. This helps in bypassing and eliminating the human factor.
Going beyond just passwords, the device can also detect keylogging and phishing attacks. The system detects whether the URL you’re trying to autofill with your credentials is correct and does not allow you to enter your username and password, thereby overcoming the phishing attacks.
As there is no need for manual typing of the passwords, your keys cannot be logged. And therefore, if some malware is sitting inside your computer, listening to whatever you type, they won’t be able to listen to what passwords or usernames you are typing. This works as an added security layer. The vision is to eliminate the human vulnerabilities from the Cybersecurity Framework.
The device is designed to look like an identity card. It has an option to add NFC or RFID capabilities to the device. It can also be used for access control purposes, physical access control and attendance purposes. It doubles up as your identity card as well as an authentication device.
Currently, the product is available as a standalone solution for end consumers and enterprises. Soon the product will be linked for both personal and professional usage on the same device for increased efficiency and is expected to be rolled out in the next 2-3 months.
As most sectors have shifted to remote work and the BYOD culture is rising, the Byteseal device can help mitigate the risk that comes with this culture. Most malicious attacks are through the end-user device, which was not a part of the native security design. The authentication device is Bluetooth enabled, and itself does not have any memory. With the USB option eliminated, even if there is any malware on the computer or end-user device, it cannot hamper the device. The device uses the Bluetooth 5.0 standard.
Around 100 customers have acquired the device both in the B2C and B2B categories. The current offer price is pegged at INR 3,000. After a few months, the company plans to move to a subscription-based model at INR 150 per month.
Wani concludes, “In India, what we have observed is that cybersecurity is only equivalent to antivirus software for many companies. This should be taken care of on a priority basis as hackers target human vulnerabilities, and this needs to be resolved on an urgent basis.”