Curtis Staker and Roman Yudkin have been busy in the 16 months since they officially launched Confident Technologies of Solana Beach, CA—using salvaged computer security software originally developed by Portland, OR-based Vidoop. As I explained last year, the suburban San Diego company has developed an alternative to the security protocol that requires an online user to provide a username and password to log onto an Internet account. Confident instead uses an image-based verification system, so a registered user selects an easy-to-remember combination of images, such as car, airplane, and fruit.
After raising $1.8 million last year to acquire Vidoop’s assets, CEO Staker says the company raised an additional $2 million in February to help build out the business. Last month, Confident said it was extending its “multi-factor,” image-based verification system to smartphones and other mobile devices.
Today the company is unveiling “Confident KillSwitch,” an add-on image-based authentication technology that is intended to defend user accounts and websites from automated, “brute force” log-in attempts and broadly based, denial-of-service attacks.
Confident says more than half of the major data breaches in 2010 were due to malicious hackers using brute force software (which uses a dictionary database to repeatedly try different passwords) and by exploiting easily guessable passwords, according to a 2011 Data Breach Investigations report. The company also says more than 84 percent of 150 popular websites, including Amazon, eBay, and WordPress, set no limit on the number of failed login attempts.
Confident’s CEO says the reason many companies don’t limit login attempts is that many people can’t readily remember their own user names and passwords. So they keep trying until they get it right—and the companies operating such websites are reluctant to
