September 8, 2008

Usable Security Systems Launches With a Service That Makes Passwords Obsolete and Gives People Secure Access to Any Web Site

SAN DIEGO, Sept. 8 /PRNewswire/ -- DEMO Conference -- Usable Security Systems, making its debut today at the DEMOfall 08 conference, announced its first service, UsableLogin, which allows a person to choose one simple codeword to log in securely with multi-factor authentication to any Web site. Passwords and all other Web authentication options available today rest on the assumption that humans are perfect, that they have amazing memories, can keep secrets and don't lose anything; UsableLogin takes people the way they are and gives them something they can easily do: recognize a familiar picture and remember one simple word.

Usable Security CEO and founder Rachna Dhamija, Ph.D., a recognized pioneer in the movement to apply usability, psychology and human behavior to security, explains, "Today's best practices in security dictate that we follow inhuman password rules such as remembering 8-12 character passwords, and multiplied 25 times because that's the average number of online accounts we have. Humans can't possibly do this, and 'enhanced authentication' schemes such as hardware tokens or challenge questions only make things worse. At Usable Security, we believe that if it isn't usable, it isn't secure."

Chris Shipley, executive producer of the DEMO Conferences said, "Security and convenience are typically polar opposites. Usable Security Systems has married the two at just the moment when a complete security solution is urgently needed. As people move more of their lives online, they'll want and demand convenience and security more than ever. UsableLogin easily delivers both for everyone."

Every Person and Web Site Can Easily Use UsableLogin

Web sites insert a snippet of JavaScript on their site, or individuals download a browser extension that presents a UsableLogin box. The user personalizes their UsableLogin by choosing a picture and a personal codeword, which can be as easy to remember as their cat's name "Fluffy." Thereafter, their UsableLogin will appear consistently across every Web site and account they login to, whether it is their bank, social network or a shopping site.

When logging into a site, the person's familiar UsableLogin box appears and they type in their simple codeword. UsableLogin then goes to work behind the scenes to create a verifier, which is equivalent to a strong, complex password, and is unique for accessing that site. It does this by cryptographically combining the person's codeword with secret data from different, separate sources, including the computer the person is using and Usable Security's servers. Usable Security never stores or saves the person's codeword, and Web sites never see it.

UsableLogin works at any Web site that accepts passwords today, and works with any operating system or browser.

Consumers Gain Security, Convenience and Control In Accessing Web Sites

Security: UsableLogin is the first security service to provide mutual multi-factor authentication, which defends against existing and emerging attacks. These attacks include phishing, Man-in-the-Middle (MITM), Domain Name System (DNS) and insider attacks.

UsableLogin constructs a complex Web-site verifier using split-key cryptography by combining secrets that reside in separate locations, from the user's computer to multiple locations on Usable Security's servers. By design, UsableLogin has no single point of failure for an attacker to exploit. In contrast, Single Sign-On (SSO) and password management systems concentrate vulnerability by relying upon a centralized password database, creating a tempting target for attackers.
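The derivation described in the two passages above (a per-site verifier built from the codeword plus secrets held in separate places), as an added example that is not Usable Security's code. The press release does not publish the construction, so the choice of PBKDF2 and HMAC-SHA256, the function and variable names, the domains and the secret values are all assumptions.

```python
import base64
import hashlib
import hmac

PBKDF2_ROUNDS = 100_000  # assumed work factor to slow guessing of a short codeword


def _frame(parts):
    # Length-prefix each secret so that differently split inputs cannot collide.
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def derive_site_verifier(codeword, device_secret, server_shares, site):
    """Combine a low-entropy codeword with independently stored secrets,
    then bind the result to a single site name (hypothetical scheme)."""
    salt = _frame([device_secret, *server_shares])
    master = hashlib.pbkdf2_hmac("sha256", codeword.encode(), salt, PBKDF2_ROUNDS)
    # Host names are case-insensitive, so normalise before binding.
    tag = hmac.new(master, site.lower().encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag).decode().rstrip("=")


# Constructed sample secrets; real ones would be random and stored separately.
DEVICE_SECRET = bytes.fromhex("11" * 32)                           # on the user's computer
SERVER_SHARES = [bytes.fromhex("22" * 32), bytes.fromhex("33" * 32)]  # separate server locations


def demo():
    """Return verifiers for several situations so they can be compared."""
    return {
        "bank": derive_site_verifier("Fluffy", DEVICE_SECRET, SERVER_SHARES, "bank.example"),
        "shop": derive_site_verifier("Fluffy", DEVICE_SECRET, SERVER_SHARES, "shop.example"),
        # A look-alike host name yields an unrelated verifier.
        "lookalike": derive_site_verifier("Fluffy", DEVICE_SECRET, SERVER_SHARES, "bank.example.test"),
        # With one server share missing, the real verifier cannot be reproduced.
        "missing_share": derive_site_verifier("Fluffy", DEVICE_SECRET, SERVER_SHARES[:1], "bank.example"),
    }


if __name__ == "__main__":
    for label, verifier in demo().items():
        print(f"{label:14s} {verifier}")
```

Every verifier is 256 bits regardless of how short the codeword is, and none of the stored secrets alone is enough to reproduce it.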

Convenience: Wherever users go to login, their familiar UsableLogin appears, displaying their user name and requiring them only to recognize a picture and enter one simple codeword in order to login securely. UsableLogin achieves multi-factor authentication using what people already have (e.g. their cell phones and email accounts) without the need for additional hardware or complex procedures that differ from site-to-site. To use the service, users set up each of their computers only once, no matter how many Web sites they access.

Control: For the first time, users can have control of all their online accounts from a single place. A personal dashboard lets them view login activity across all their accounts; enable or disable access from different computers or devices; give others limited-time access to their accounts; and in an emergency, suspend login at all of their Web sites and accounts with one click.

Web Sites Can Upgrade their Password-Based Authentication Systems

Web sites can give all of their users the benefits of convenience and security offered by UsableLogin simply by inserting a snippet of JavaScript into their site. This easy step upgrades the site's existing password-based system to achieve multi-factor authentication and attack resistance; reduce the expense of resetting passwords; and achieve regulatory compliance.


UsableLogin will be available in early 2009. Individuals and Web sites may sign up now to receive announcements about UsableLogin's availability.

About Usable Security Systems

Usable Security Systems develops human-centered security products and services for people's life online. In early 2009, Usable Security will launch UsableLogin, the first service to allow people to access any Web site with the simplicity of a single codeword and the security of mutual multi-factor authentication. The company's CEO and founder Rachna Dhamija, Ph.D., is a pioneer in the movement to apply usability, psychology and the study of human behavior to security. CTO and founder Allan M. Schiffman has been an innovator in Web security and e-commerce for 30 years. Privately funded, Usable Security is based in San Francisco. Media contact: Darcy Provo, Antenna Group, [email protected], 415-977-1920.

About DEMOfall

Produced by Network World Events and Executive Forums, the semi-annual DEMO conferences focus on emerging technologies and new products, which are hand-selected from across the spectrum of the technology marketplace. The DEMO conferences have earned their reputation for consistently identifying tomorrow's cutting-edge technologies, and have served as launch pad events for companies such as Palm, E*TRADE, Handspring, and U.S. Robotics, helping them to secure venture funding, establish critical business relationships, and influence early adopters. Each DEMO conference features approximately 70 new companies, products and technologies.
