Solution To Password Problems :
GATE [ Graphic Access Tabular Entry ]   

An Interception-resistant Authentication System

By Ni , Min [ Frank ] of GATE Cyber Technology, Atlanta GA USA, 2020

GATE_For_PM

GATE is a revolutionary password/passcode entry process that retains account security even in situations where potential intruders witness the entries being made. Based on user password choice, server renders password entry buttons/tokens on a screen, rendering multiple characters per button. When button selection is made by a user there is no way for an observer to know the actual password due to the multiple characters per button. This makes GATE an interception-resistant authentication system which increases passcode strength exponentially.

Each subsequent rendering of buttons by the server will be unique, based on the GATE algorithm, ensuring button selection cannot simply be repeated based on button location in order to infiltrate an account. Due to the rendering process required in order to present password buttons to a user, a server has to already know the password of the user in order to render an appropriate array of buttons. Therefore bogus or malicious servers will not be able to render an appropriate array of buttons to a user, which allows the user to recognize whether or not the screen he is looking at is being controlled by the appropriate body. In traditional password system, server authenticates user, yet with GATE, user also authenticates server, therefore defeat phishing by design.

GATE can use short and easy to remember passcodes to defeat peeking, wiretapping, keylogging, phishing and dictionary attack without the restrictions of lowercase, uppercase, numbers & special characters !

Fixed passwords have the advantage of easy to remember, one time passwords have the advantage of hard to hack, GATE passcode is a fixed passcode to the user, but from the hackers' perspective, it changes every time, GATE passcodes have the best of both worlds, short [ 3 to 6 digit ] and easy to remember, yet secure and hard to hack.

Current Password System Problems : [ See details in Password Problem Wake Up Call ⚠️ ]

Times have changed, we are now in the 21-century, yet we're still using the age old password system, hackers now have state-of-the-art tools to steal our passwords, we also need better ways to protect ourselves, we need to be a few steps ahead of the hackers. The fact that accounts with traditional passwords will be hacked is a matter of "when" not "if", they are just one hidden camera/keylogger/phishing attempt away from being compromised. Let's wake up to the cruel reality, rather than pretending not to see it by playing ostrich, hackers will see what you don't want to see [ weakness in traditional passwords ] and take advantage of it, a chain is only as strong as its weakest link ! Let's face it and fix this weak link !

Password managers only solve part of the password problem [ too many passwords to remember ], but leave the other important part unsolved [ user pin exposure during login : peek over the shoulder / keylogger / video camera ], if you rely on password managers for first part of the problem, they might come back and bite you big time for the 2nd part of the problem, because once your master password is exposed [ by keylogger / hidden camera ], all your passwords will be stolen. Hackers will enjoy the benefits password managers bring them, instead of having to hack dozens of your accounts, with the help of password managers, they now only need to hack just ONE ACCOUNT to get the master password and all your other accounts will be compromised.

As of July 2020, there are 15 Billion Credentials Currently Up for Grabs on Hacker Forums. World population is now 7.8 Billion, if you take out half of it from poor countries that don't have a lot of computers, there will be around 4 Billion left in developed countries with computers and online accounts, so that means averagely speaking, we all have 3 or 4 accounts breached !

In this video you can see how hackers intercepted user passwords from far away, which seems like a safe distance from the user, yet the hackers were able to figure out user passwords by looking at their finger movements and analyze the data to steal the passwords.

A solution to the above problem is GATE_For_PM. The purpose of GATE_For_PM is to protect passwords from exposure, especially the master passwords of password managers. With GATE_For_PM, user's GATE passcodes are interception-resistant, which means even if someone is watching / keylogging / video recording the user log into the GATE system, user passcode will not be exposed.

You can learn How GATE Works before using GATE_For_PM. More GATE info is here and there.

It would be ideal to have each password manager implement GATE and protect user's master password during any login process, but that will take a long time, so the quickest and easiest way I can think of is to use a program like GATE_For_PM to fill the gap.

GATE_For_PM serves as a proof of concept, anyone interested in the interception-resistant GATE authentication system can contact me for a customized license.

GATE_For_PM [ Free ]   Download HereHow GATE_For_PM Works Video

After download, please follow the instructions in the "Readme.txt" file to get started.

GATE_For_PM is packaged with its own Java [ OpenJDK ], so even if user doesn't have Java already installed on his PC, the program will still work. It should work on all Windows systems.

The Letters "PM" in GATE_For_PM have 2 meanings, and you can do both at the same time :
[1] Password Manager : If you use GATE_For_PM to protect master passwords of Password Managers, in this case it's GATE for password manager.
[2] Password Management : If you use GATE_For_PM to protect passwords of local [ desktop ] applications and websites, in this case it's GATE for password management.

GATE_For_PM can remember User_Id, Passwords and automatically enter them. There is no limit as to how many accounts user can add to the GATE_For_PM app, even in the free version.

There is only one download for GATE_For_PM, the Free version, if a user wants more features in the paid version, he can go into the "GATE Demo" tab of GATE_For_PM and press a buy button to pay for a license to upgrade from the Free version to the Basic, Plus or Pro version. After the payment is made user will be presented with a license activation code which he can enter into the GATE_For_PM app for the upgrade.

After a license is expired, GATE_For_PM will roll back to the Free version with a 3-digit-long GATE passcode. All user registered apps and sites will keep the same and the user will still be able to auto log into those accounts.

                     
                     
GATE_For_PM comes with 4 versions : Free, Basic, Plus and Pro.

In GATE_For_PM there is a "GATE_Demo" tab which shows the main features of each version.

Features in every version are incremental : all features in the Free version are available in all other 3 paid versions, every feature available in the Basic version is available in the Plus and Pro versions, every feature available in the Plus version is also available in the Pro version.

The Free version can have a 3-digit-long GATE passcode. User can select passcode from 4 groups of symbols each has 50 items. User can add unlimited number of applications or websites to GATE_For_PM. One of them can be selected to auto launch when GATE_For_PM starts. User can configure if the User_Id or Password of each app will be automatically entered or not, and set a delay [ in seconds ] before auto entering User_Id or Password for each app or website.

Since different apps and sites behave differently, therefore GATE_For_PM offers 3 ways to enter User_Id or Password for any app or website :
[1] Automatic : GATE_For_PM will enter them [ if enabled ] when an app or website is launched.
[2] Semi-automatic : User clicks on "User_Id" or "Password" button, then click in the User_Id or Password field in the app/website, 3 seconds later, GATE_For_PM will auto fill the info.
[3] Manual : User right-clicks on "User_Id" or "Password" button, then click in the User_Id or Password field in the app/website, and do a "Ctrl-v" to paste info into that field.

The Basic version can have a 4-digit-long GATE passcode. Basic, Plus and Pro versions also allow users to export and import its Auto_Login_Property file to another PC. Since each GATE_For_PM app uses a unique key to encrypt the Auto_Login_Property file, a property file from one computer can not be copied and loaded on to another computer for security reason, but if a user runs GATE_For_PM on multiple computers, he can export the encrypted Auto_Login_Property file from one of his computer as a text file and import it into his other computer and erase the text file [ GATE_For_PM will do it automatically if user choose to do so ]. That way he doesn't have to repeat the app/website account setup process on each computer when running GATE_For_PM.

The Plus version can have a 5-digit-long GATE passcode. User can also select from 50 Emoji symbols for his passcode, Plus version also offers multiple colors for the buttons/tokens table.

The Pro version can have a 6-digit-long GATE passcode. User can also select from 4 additional groups of symbols each has 100 items, which will increase the security level. Pro version also allows users to select from 3 choices of GATE login table dimensions : 2 x 5, 3 x 3 and 4 x 4.

            

Donate For Cybersecurity !


GATE Cyber Technology LLC