AreaWFI is a new startup, with the mission to combine web usability and security. From sharing your photos on your favourite social network, to using your credit card online to buy something you like: we know that web surfing can be unsafe. We know it, you know it and we are here with something special that you shouldn't miss.Contact to learn more about E-T
Many software vendors claim they have THE solution to protect your internet credentials. Don't trust them, there isn't a way to do it. You expose your credentials every time you use them in a web page, or when you copy and paste them in web forms. E-T works with your internet connection. It protects your login on websites that support our E-T technology. We make internet credentials theft harmless. Our device does not allow login to illegitimate users. Stolen credentials are not usable. With E-T, you can give litterally away your username and password away in a public website. Our exclusive technology enforces your rights on your internet credentials and you and you ONLY will be able to use them. E-T is Electronic Territory.
Q: Why E-T? Doesn't Two Factor Authentication (2FA) already have what I need?
2FA is secure only for a very restricted scenario, it can't be widely adopted both for security weakness and for usability issues.
The One Time Password (OTP) needs the operator to send you an OTP for every login and this is annoying.
Do you really think that 2FA is a wide deployable solution? if the answer is "yes" read this paper
How Anywhere Computing Just Killed Your Phone-Based Two-Factor Authentication.
There are client certificates (CC). CC is, on the usability side, the worst solution you can immagine to make your website login secure. You must manage a PKI, you must generate CSR on the clients, sign them with a CA, install them on all clients you use to access the resource. On the client side, user must manage all his certificates. Finally, once all certificates are managed on the clients device, it isn't more secure than the password stored in your web browser (one of leading 2FA solution in the market stores private key on the smartphone). You can use RSA security token, but you need one security token for every website you use and every website needs to implement them in his software stack. On the web side, CC is mandatory, you can't choose whether to use them or not. The truth is that modern 2FA are not for wide adoption nor secure.
This is an interesting analysis of 2FA as it is today: Two-factor authentication, necessary but not sufficient to be safe
E-T has no one of the well known vulnerability of modern 2FA. With E-T there isn't browser or other low level interaction with authentication system, except than standard user name and password typing, then every attack to the browser or the client device running them can't be used to obtain informations useful for the authentication or to bypass the authentication procedure.
Modern 2FA is insecure because used on insecure devices.
Q: Is it complicated to be implemented by internet operators?
A: No! It's easy and it doesn't disturb software flow. We have integrated E-T into Horde webmail in about half an hour of work. It is as simple as calling a webservice.
Q: Why don't you make a phone app with the same functionalities?
A: The key point is the security. With a dedicated device we can have every aspect under our control, while with a third part device we can't. E-T is an always on and up to date device, which gives access to your digital life and holds very sensitive data. It is not a good idea to rely on a smartphone for this kind of task. In our vision a better approach is to make a dedicated SOC to handle all E-T needs and integrate them in the smartphones. In this manner E-T is only connected to smartphone through a network link. This makes everything very secure.
Q: What user needs to do before E-T can protect his accounts?
A: The first step is to register himself in the WFI network. To do so, the user must fill up a form in the E-T management GUI and send the request with his personal data to us, under the form of a certificate signing request (CSR). We (AreaWFI) verify all the data, sign the certificate and send back them to the originating E-T. The user now has the ability to select an operator in the E-T GUI and to ask for the protection of one or more accounts he owns.
Q: What are you asking for?
A: We now are at the prototype stage. We implemented some of the major features as you can see in the video. We now need funds to move up from prototype stage to the engineered device ready for production. To this end we need funds for two years development. As a viable alternative we can make a partenership with a big company to sell the right to develop, produce and sell E-T enabled devices andsmart phones.
Feel free to email us to provide feedbacks