Remembering usernames and passwords is the bane of many an Internet user’s existence. Facebook, MySpace, Google, banking websites, tax e-filing and online e-mail services all require people to remember a long list of login credentials.
The solution for most people is to write down these details or save them in a text document on their computers. But this is insecure and, as anyone involved in IT will tell you, a terrible idea.
Password-based systems are inherently not secure anyway. Passwords are often easily guessed and keylogging software can be used to steal people’s login details.
Stellenbosch-based entrepreneur Justin Stanford hopes to solve the problem. Flush with "many millions" in funding from billionaire businessman Johann Rupert, Stanford’s company, Fireflight, has developed one-time password software for cellular phones that he hopes will gain traction not only in SA but also in international markets.
Stanford heads an investment group called the 4D Innovations Group. He says: "Johann [Rupert] and I have always spoken about getting into business together. We concluded a deal whereby he would personally back Fireflight, and there are other projects we are going to be looking at doing together."
Fireflight, which is within spitting dis tance of another successful technology start-up, the cellphone instant messaging company MXit Lifestyle, began work on the one-time password, or OTP, system more than three years ago. Originally conceived as a low-cost solution for authentication for online banking, Stanford and his team quickly realised it had far bigger potential.
Here’s how it works: you download the Fireflight software from the company’s website – www.fireflight.co.za. Then, whenever you go to a website that uses Fireflight’s OTP, you simply fire up the application on your phone to receive a password. No information is transmitted over the air; rather the system uses clever mathematical algorithms to match the password on the phone and on the Web server.
As with the banks’ OTP systems, the password expires almost immediately.
Stanford describes Fireflight as a "universal personal authenticator". It will run on almost any cellphone. "We worked hard to make sure the application looks consistent across multiple platforms."
To ensure the product gains traction internationally, Fireflight will give away what it calls a FireID token. This can be used to log on to websites that use OpenID authentication. OpenID is a single sign-on standard for websites and is used by the likes of Google, Microsoft and Yahoo to varying degrees.
Sybase has signed up as a distributor in SA and the company is also in talks with a large, listed IT company. Fireflight has had discussions with potential distributors in North America and Europe as well.
Jenny Dugmore, former head of Sybase’s Western Cape operation, has been appointed Fireflight CEO. Other key members of the team are Malan Joubert, the technological architect of the software, and Erik van Vlaanderen, chairman of the 4D Innovations Group.