The Impact fintech/insurtech conference proved that Polish fintech startups abound in talent and innovation. Cyberus Labs, a company founded only in 2015, faces the challenges of the field head-on and plans to revolutionize cybersecurity with their password-less authentication system.
„We decided we won’t try to save a sinking ship,” said Marek Ostafil, the COO at Cyberus Labs. “The current trend in cybersecurity is to keep improving antiviruses and threat-responding systems. We think that it’s easier to remove the threats altogether than to try to outpace hackers in the cyber race for decades to come. We managed to eliminate the biggest problem and the weakest link of cybersecurity: username and password.”
It is estimated that over 2 billion login credentials – for instance, our bank accounts data – have been already stolen. Two out of every five people fell prey to identity theft (you can just hope it was your neighbors, not you). The systems we tend to use – login with a password or SMS confirmation – are actually the weakest authentication methods available.
“Until now, the systems were either safe (and extremely complicated) or easy to use. Cyberus Key offers both security and convenience”, said Ostafil. The system requires one click only, and the login procedure takes 2 seconds at the most. When you open your bank’s website, you will see a Cyberus Key widget. Once you click on it, it will produce an audio signal. The Cyberus Key app on your phone will confirm that you are authorized to use this portal and voilà, you are logged in.
The whole authentication process is hidden behind the audio signal. Each signal contains a one-time password that expires in 200 milliseconds. The encryption method used – one-time pad – is the only method that was proven uncrackable. The best part? The system is anonymous – no personal data is transmitted during the login procedure, so you have a guarantee that no third party will be able to steal your login credentials. Even if someone manages to hack the transmission, they won’t be able to tie this signal with you. If a hacker records the audio signal, the one-time password will have expired already, making phishing attacks impossible. You can safely use this system in public networks, or even in public spaces where someone might be glancing over your shoulder to see your password.
The weakest link of the system is… you. After all, your phone is the key, so if you lose it or someone steals it, you’re in trouble. Cyberus Labs offers the standard procedure for blocking it in case of emergency. As the average time of realizing your phone disappeared is only 20 minutes (as opposed to 3 hours in the case of a wallet), this solution seems more secure than blocking a credit card.
The company has three cofounders. George Sławek, the CEO, is an entrepreneur with over 30 years of experience in Silicon Valley. Marek Ostafil, the COO, is a manager, entrepreneur and advisor; he has been working on international projects for over 20 years. Jacek Wołosewicz, the CTO, is the author of Cyberus Key system. He is a graduate of MIT and the creator of SDMI, a standard for audio signal marking.
The Cyberus Key system was introduced during the Cybersec conference in September 2016. It is a finished, ready-to-use product. The Cyberus Labs team is currently working on 5 large implementation projects both in Poland and abroad and plans to launch the first one before the end of the year.