I'm a Sr. software developer. In the summer of 2015 I watched a PBS TV show called "Rise of the Hackers", which talked about the vulnerability of the Internet and said the traditional password is a weak link in cyber security. That inspired me to do something about it and fix this problem, so I came up with a solution called GATE: Graphic Access Tabular Entry.
What it does
GATE is an interception-resistant user authentication system, which means that even if someone intercepts or watches your login (assume they see and record every detail of your authentication), they still won't know what your password is.
Based on the user's password choice, the server renders password entry buttons (tokens) on the screen, with multiple characters per button. When the user selects a button, an observer has no way to know the actual password, because each button carries multiple characters. This makes GATE an interception-resistant authentication system, which increases passcode strength exponentially.
Each subsequent rendering of buttons by the server is unique, based on the GATE algorithm, so an attacker cannot get into an account simply by repeating the same button selections by location. Because of the rendering process required to present password buttons to a user, a server has to already know the user's password in order to render an appropriate array of buttons. A bogus or malicious server will therefore not be able to render an appropriate array of buttons, which lets the user recognize whether the screen they are looking at is controlled by the appropriate body. In a traditional password system, the server authenticates the user; with GATE, the user also authenticates the server, which defeats phishing by design.
GATE can use short, easy-to-remember passcodes to defeat peeking, wiretapping, keylogging, phishing and dictionary attacks without the restrictions of lowercase, uppercase, numbers and special characters!
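A simplified model of the button challenge described above, added here as an illustration; it is not GATE's patented algorithm or the author's code. The 36-symbol alphabet, four symbols per button and the function names are assumptions, and the layout here is random rather than derived from the user's password as GATE's is.

```python
import secrets
import string

# Assumed parameters for this sketch (not taken from GATE itself).
ALPHABET = string.ascii_lowercase + string.digits   # 36 symbols
PER_BUTTON = 4                                      # 9 buttons of 4 symbols


def render_layout(alphabet=ALPHABET, per_button=PER_BUTTON):
    """Server: group the symbols into buttons, freshly shuffled per login."""
    symbols = list(alphabet)
    secrets.SystemRandom().shuffle(symbols)
    return [symbols[i:i + per_button] for i in range(0, len(symbols), per_button)]


def select_buttons(layout, password):
    """User: for each password character, click the button that shows it."""
    return [next(i for i, b in enumerate(layout) if ch in b) for ch in password]


def verify(layout, clicks, password):
    """Server: every clicked button must contain the matching character."""
    return len(clicks) == len(password) and all(
        0 <= c < len(layout) and ch in layout[c]
        for c, ch in zip(clicks, password)
    )


def consistent_passwords(layout, clicks):
    """Passwords an observer of this single login cannot tell apart."""
    count = 1
    for c in clicks:
        count *= len(layout[c])
    return count


if __name__ == "__main__":
    password = "cat7"                      # constructed sample passcode
    first = render_layout()
    clicks = select_buttons(first, password)
    print("clicked buttons:", clicks)
    print("accepted:", verify(first, clicks, password))
    print("candidates seen by observer:", consistent_passwords(first, clicks))
    second = render_layout()               # next login gets a new layout
    print("replaying old positions accepted:", verify(second, clicks, password))
```

With four symbols per button, one observed login of a four-character passcode is consistent with 4^4 = 256 passcodes in this model.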
How I built it
I used Java Swing to build it.
Challenges I ran into
Accomplishments that I'm proud of
I've received 2 US patents, one for GATE authentication (user login), another one for GATE encryption (message/data encryption), and I've also applied for PCT international patents in 50 nations.
In the past few years it has won 6 international cyber security awards.
What I learned
To think like hackers in order to defeat them.
What's next for GATE_For_PM
Find a market for it ^_^ !