SAN JOSE, Calif.--(BUSINESS WIRE)--TapLink, the company that’s restoring trust in passwords, today emerged from stealth mode and introduced a new technology, called Blind Hashing, that prevents offline password attacks by making databases impossible to steal. TapLink is completely invisible to the end-user, easy to integrate, has minimal impact on back-end systems, and works in conjunction with existing password defenses, systems and processes. The company will introduce its patented cloud-based password protection product at RSA Conference 2015 booth S639.
Protecting password databases and users’ privacy is one of the world’s biggest problems. Consumers and businesses prefer passwords because they are easy to use, but once a password database is stolen, current encryption methods are easily defeated by criminals. TapLink’s patented Blind Hashing system makes it impossible to steal or recover passwords from a database.
TapLink has been in deployment on over 40 websites and protecting millions of passwords for the past two years. uRide, a pre-paid on-demand car service for college students, is rolling out TapLink to protect its passwords. “uRide enables parents to create an account which is credited by them and debited when a student takes a ride. Our app makes it easy for students to order a car, and gives parents peace of mind,” said Robert Dicks, founder and CEO of uRide. “Password security was one of our top priorities. With TapLink, we no longer have to worry about our databases being compromised by offline attacks.”
How Blind Hashing Works
TapLink's patented Blind Hashing technology transforms a password hash into a lookup function within a massive pool of completely random data. The result of the lookup is used to decrypt the hash and allow the authentication process to be completed with no latency impact to the log in process.
A petabyte-sized data pool acts as a "data anchor" to prevent an attacker from ever cracking a single password. In order to begin the password cracking process, an attacker would have to steal the entire data pool, spanning hundreds of solid state drives (SSD) across multiple data centers. In what pundits have dubbed "security by obesity", the TapLink data pool is so large that simply trying to transfer it over the network at full line rate would take years.
With TapLink, not a single username and password ever leaves the end company’s servers. Blind Hashing prevents offline password theft without an organization giving up control of their user authentication process. It is a powerful “additive” layer that solves the significant problem of protecting user passwords.
Meanwhile, the TapLink data pool acts as a common defense fund for all the passwords under its protection. Since every new company that uses TapLink grows the size of the data pool, and increases the security for everyone using it.
"Password theft puts our entire digital identity in the hands of internet pranksters and cybercriminals, who use stolen credentials to cause billions of dollars in damages every year,” said Jeremy Spilman, CTO and Founder of TapLink. “TapLink Blind Hashing protects an organization’s systems, operations, brand, and most importantly, its customers from the most prevalent attack vector online today."
Availability and Pricing
TapLink Blind Hashing is available immediately. Pricing is per protected password. TapLink can be deployed in test mode to monitor performance, reliability and security. For a zero risk pilot write to: firstname.lastname@example.org
Blind Hashing Technical Deep Dive: https://taplink.co/technology
TapLink Datasheet: https://files.taplink.co/TapLinkBlindHashingOverview.pdf
Password database breaches impose direct remediation costs and reputation damage on the victim organization, while exposing users to fraud. TapLink’s mission is to restore trust in passwords. The company’s patented cloud-based technology, called Blind Hashing, prevents offline attacks by making password databases impossible to steal. TapLink is completely invisible to end-users, easy to integrate and has a very low impact on back-end systems. To learn more, visit www.taplink.co or write to email@example.com