Passwords seem to remain the weakest link in the security of online systems. There are plenty of people who already find ‘welcome123’ difficult enough. And just manage to keep using it for all their accounts. Merijn de Jonge came up with MindYourPass, a solution for the ‘password problem’. A topical problem as well, because many people now mainly work from home.
De Jonge finds it interesting that we insurance against fire and illness is normal, “but investing in online security is way less obvious.” He came up with a solution that fits the infrastructure of passwords that has been around for the last forty years. Many IT people want to get rid of passwords, but so far no alternative has been found that is sufficiently secure and works on every account.
With the MindYourPass password generator only one easy to remember password is needed. A patented mathematical formula together with that easy password generates a strong password for every online account you want to login to, explains De Jonge. “And it’s completely anonymous”, De Jonge guarantees. “We know nothing about the users of MindYourPass. We don’t even have e-mail addresses and we don’t store any passwords. There’s nothing we can do for hackers.”
It works on every site in the whole world, De Jonge promises. “Other means of security are, for example, codes sent to you via an app or an extra device you need, the so-called two-factor authentication. However, you must first download that app or have that device. And it doesn’t work for every site.”
If you create an account online, for example at bol.com, you put your personal data in a kind of safe. Because you don’t want anyone to have access to it, you create a password. That’s your key. Not only do people use passwords for private purposes, but also for their work in order to access confidential and privacy-sensitive information. “That’s the password that employees come up with. That’s where the problem starts, says De Jonge: “Unfortunately, people can’t invent and remember a good password.”
A strong password is long, consists of random characters, and is unique. De Jonge: “A passphrase is often better, but consists of words that can be traced. And if someone has a strong password, he often uses it for multiple sites, so it is no longer unique.”
Everyone may well have twenty to forty accounts for which they have a password, De Jonge continues. This often results in the same key for all, or with just a slight modification. Those weak passwords determine how strong the online security of company data systems is because even for the ‘company safes’ people don’t come up with strong passwords, says De Jonge. Hackers can make different combinations of those weak passwords and try to access company systems by tracing those weak passwords.
There are tools that come up with strong passwords and store them for you, but a company cannot force employees to use them. That’s why De Jonge turned it around. “I look at the organization as a whole. How can all those safes, even private ones, of all employees within an organization be optimally secured?”
Forcing strong passwords
On top of the password generator, De Jonge came up with the password firewall for companies. That firewall forces employees to use strong passwords. With the result that they cannot log into the purchasing system with a 123-password, for example”. Usually, companies have security built in. A computer system like Windows, for example, asks for a new password every once in a while. “But this is only for internal company accounts and not for online accounts. MindYourPass applies to all accounts, including private ones.”
To help employees with those strong passwords De Jonge built a password generator. Via the MindYourPass site, everyone can download and use this generator for free. “This is partly based on our vision that everyone has the right to live their digital life in a safe and friendly way. And we hope that if individuals are enthusiastic they will help us get in touch with companies. So that they eventually sign up with us for the firewall.” Once installed, the generator can be used both privately and for business purposes.
Ready for the market
Last year, MindYourPass received a subsidy from the Brabant Startup Fund. With this, De Jonge and his team refined the technology and made it ready for the market. “We now have the first paying customers, but like so many, we were overwhelmed by the corona crisis. This meant that the contacts we had were paused for a while because there were more urgent matters.”
By working from home a lot, De Jonge hopes that companies will understand the importance of good online security. “Everyone thinks: it won’t happen to me that my house burns down and I’m left empty-handed. According to De Jonge, hacking is also common and its impact can be at least as intense. With MindYourPass, De Jonge wants to make the security of digital safes visible and tangible. “How many are secured with a strong password, how wide open are the doors of your safes? MindYourPass is part of the insurance of your home.”