Interview: My1Login’s Michael Newman on the importance of password management

Note that our interview was carried out before the company announced that they had secured £1m worth of angel funding ahead of a Series A Round expected to start in 2014. The investors include TRI Capital, Equity Gap and the Scottish Investment Bank plus a number of individual business angels.

What is my1login and what does it do?

my1login solves the problem of remembering and managing your business passwords. Taking less than 5 minutes to set up, my1login works in conjunction with existing business passwords, allowing employees to access web sites with just one login. Since employees no longer have to remember passwords, they can be made strong and unique, increasing business security.

my1login also provides an audit trail of password access, removes the problem of insecure password storage and sharing, and enables the easy ceasing of employees.

my1login improves business security and makes the web simpler for employees, allowing them to sign into sites with one click.

What are the business benefits from adopting my1login?

my1login helps lower operating costs by reducing employee downtime and removing the need for helpdesk calls to reset passwords. It will also report on the concurrent use of logins, which can potentially lower the number of licences required for a specific product or service.

Through centralising the administration of passwords and logins, my1login improves employee productivity by reducing the time wasted on forgotten logins and enables selected logins to be securely shared with colleagues. These logins can then be edited or revoked at any time.

Also, since it’s no longer necessary for employees to remember their passwords, they can be made strong and unique, significantly increasing online security for the business. my1login also provides the business with security analytics, reports and recommendations to help improve corporate security.

Is authentication security really an issue for business?

In Verizon’s recently-published 2013 Data Breach Investigations Report, it was found that 40 per cent of security breaches were from login credentials being guessed, cracked, or re-used and 25 per cent of breaches were caused by phishing. my1login protects businesses against all of these forms of attack, i.e. 65 per cent of the causes of data breaches.

How is it secure to store your passwords in the cloud?

With my1login, business passwords are encrypted using a key phrase that is created by business users when they set up their account. my1login does not store the key phrase and it’s only ever used in the local device to encrypt login information before it is sent to my1login. It’s totally impossible to decrypt and access the data without the key phrase. So even if hackers somehow managed to breach my1login security and access our servers, it would still take millions of years to try every permutation of a reasonable length key phrase to decrypt the data.

Single Sign-on seems to be a traditional solution to solving the problem of remembering passwords. How does my1login compare?

Unlike legacy Single Sign-on (SSO) solutions, my1login can be used with all business passwords as there is no need for integration with the 3rd party services being accessed. The service also enables vastly improved, centralised management of all business passwords, providing vulnerability reports on weak passwords and instances of employees re-using the same password on multiple systems. It can also help monitor and reduce license costs for 3rd party systems. In addition, employees benefit from only needing to remember one login.

How is my1login different from other Password Managers?

Using two-step authentication by default, my1login is possibly the most-secure cloud-based password manager for business out of the box. Being totally cloud-based, my1login can be accessed from anywhere and on any device without the need to download software or install browser plugins.

What technology underpins my1login?

A layered combination of AES-256 symmetric encryption and RSA-1024 Public Key cryptography is used to protect business data. Business login information is encrypted and stored in a way that means even my1login cannot access it. To further enhance business security my1login also employs SSL, anti-phishing, anti-spoofing, keylogger, screengrabber and brute force protection.

If someone was looking for an SSO/PM solution, what would you say are the main considerations they should look out for?

When choosing a solution, a business should use the five evaluation criteria of system compatibility, device compatibility, security, deployment time and pricing to help you make the right decision for your business.

How does my1login see online authentication evolving over the next 5 years?

We see the trend of password manager use continuing to grow, both in the consumer and business markets. The increasing number of passwords people need to remember, together with the increasing number of devices they use, necessitates a solution which provides a simple, yet super-secure, way of accessing accounts from anywhere.