Passfile Method turning the security industry upside down

in #steem, 7 years ago (edited)


Hi Steemit

This is a must read and I would appreciate any valuable input and participation in this project. I have been working with a developer for a few years to bring this to fruition. It is a game changer: it removes the need for a username/password combination altogether, and it also stops the most common form of phishing (redirection to a look-alike site), which is invaluable to any organization that needs that protection.

I am going to include a few key players (in my opinion) on Steemit who would find value in this system, whether for its ease of use, its security, or how the methodology could work hand in hand with the current Steemit platform.

@ned
@sweetsssj
@dan
@crypt0
@clains
@kyle
@abit
@timcliff
@teamsteem
@zer0hedge
@kingscrown
@chitty
@ackza
@officialfuzzy
@etherpunk
@calaber24p
@sirwinchester
@jacor
@kozak
@raymonjohnstone
@dollarvigilante
@eroche
@jerrybanfield

SUMMARY
1) Extremely easy to use on both desktop and mobile devices

2) Easy to remember

3) Automatically generates a long, strong, unpredictable password value

4) ONLY 1 PassFile to remember; it generates a totally different value for each website

5) Stops the most common type of phishing in its tracks

6) Owned and under the control of the user, not generated or stored anywhere online by other parties

7) Industry-standard mathematical methods used

8) Every different file produces its own unique, mathematically generated value

9) Easy to deploy on websites via the API

10) A single point of maintenance at PassFile Safe means changes are rolled out to all websites instantly, without extra human resources or delay

11) The login interface can be customized via styling

12) Procedures and code for storing the PassFile value are standardized according to best practices

13) Confirmation from business owners and web developers that the storage guidelines have been implemented, as part of the License Agreement, adds credibility to the business and comfort to individual users

14) "Remember me" facilities, security questions, auto-saved passwords, software and hardware key-loggers, wireless keyboard MITM attacks, unreliable biometrics, logging in from multiple devices, password reuse, weak and strong passwords, attack dictionaries built from previous breaches, and the feasibility of brute force attacks are all swept away in one stroke.

Expanded
Following press reports on mass data breaches on a daily basis there has never been more of a need to use strong passwords to protect identities and assets, yet the old style password is seriously flawed and in need of urgent replacement.

Over 90% of the world uses very weak passwords, and most websites, even the big businesses on the net, do very little to discourage this. Most of these weak passwords fall within the top 1,000 passwords in use. Attackers are well aware of these passwords and also hold extensive wordlists, built from earlier breaches, which a dictionary attack can run through in seconds.

It is difficult for a user to remember a random password such as "X5t*bP(r" (8 characters) as opposed to a pronounceable word such as "password" (8 characters), so random characters are seldom used. Likewise it is difficult to remember any complex keyboard combination longer than 12 characters. Added to these difficulties is the recommendation that a different complex password be used for each website requiring a login. Compounding the problem further is the difficulty of typing such long random passwords on a mobile device, especially on the small on-screen keyboard of a smartphone. No wonder we tend to give up and go back to old habits for fear of being locked out of services we want.

ArmerTech (PTY) LTD has developed a methodology to overcome the human weakness of choosing simple passwords that are easy to crack. Passwords are used not only to log in to a website but also as the encryption keys that are supposed to keep data and files secure, so weak passwords also mean weak keys. This is a serious problem that many businesses face with their websites right now, and it is becoming worse every day. The methodology is a new way of logging in that, as far as we have seen, is not in use anywhere else on the internet, and it can be applied to any website. Check it out at http://www.passfilesafe.com and see it in action on our live website at idsafe.co.za

The methodology uses a PassFile instead of a password. Modern browsers can read the raw bytes of a file the user selects, and those bytes are processed mathematically (hashed) to produce a value unique to that file. This value, 84 characters long in base64 encoding (letters, digits, "+" and "/"), replaces the password and looks, for example, like "FaMi1b0vrySAYxiABkw6dnp67/itrjib1K39MxuVRLsDVPaH+hOiQyhus6r/Lq3YdSSqOXgLgvBuJfLuYx8yGQ". How is a human going to remember that? How is a human going to type that into a password box on a mobile device?

The same PassFile, when mathematically combined with a particular website, gives the following values:

Google: “WkTMGpZCoa+CBOmjljUsaCCY3PtPhP7IZLIX1/QgquXLHw325qMDx9yfNtvhzVWxh5iTALrqVjSTb0xlOpGViw”

PayPal: “IihZ3Fn95v36W+cKJ/k81xlmb+gx3seOKEQNE9MScdQHXS94xqMBleOU9Fwc7tal1j+EpM0N1yobCPC+CZpgXQ”

Facebook: “ZfeUsCbPNT/Tfd+gDIV64HnXOc2b34xcoRS2JtFMqJF8dOH5pVlPwKkU42eFUinELMh8BuyC7V7iF5/l3nUSuw”

One PassFile, easily remembered and easy to use, produces a different unique value for each website. The values are far too long to brute force and do not appear in any attacker's wordlist. Now THAT'S a strong password value! One caveat a practitioner should keep in mind: the value is only as unpredictable as the file it is derived from. A file an attacker could obtain or guess (a stock wallpaper, a widely distributed PDF, a well-known installer) gives a value the attacker can compute just as easily; a private file of the user's own, such as a personal photo, does not have this weakness.

Ease of use is achieved by the user choosing a file that they will remember, any file of any type, and dragging and dropping it into a drop zone on the website. On a mobile device the user picks the file from the device just as for any other upload. It cannot be simpler than that, can it? Two practical consequences follow from deriving the value from the file's bytes: the file must remain byte-for-byte identical (re-saving a document, editing a photo's metadata, or letting a sync service recompress an image changes the value), and the file must be kept safe and backed up, because losing it means losing the login value.

An extremely important benefit is that the method stops the major part of phishing attacks. Phishing is the attempt to obtain sensitive information such as usernames, passwords and credit card details (and, indirectly, money), often for malicious reasons, by masquerading as a well-known and trustworthy website. No matter how the attacker disguises the address (domain name) of the fake website the user is redirected to, the PassFile Safe method always takes the host name the browser is actually viewing, uses it to retrieve a unique identifier for that domain, joins that identifier to the value of the PassFile, and only then computes the login value used to authenticate the user. A look-alike domain therefore produces a different value, one that will NEVER be correct for the attacker to use on the real site. This holds as long as the code that reads the host name and performs the calculation is outside the phishing page's control; the host must come from the browser itself, never from a string the page supplies.

Several different login methods have been proposed, as discussed under the section "competitors". All have merit in their own right, even though they are restrictive, invasive and narrow in applicability. However, nothing will help in the long term if the second part of this replacement method is not implemented. The data breaches that allowed dictionaries of weak and very strong passwords to be built succeeded because of the negligent way in which passwords were stored by web developers (in plain text, or with fast, unsalted hashes). It is time to make web developers accountable for their actions. Past and present negligent coding practices continue to cost the world economy, paid for by us humans, billions in revenue. This bad coding has to be brought to an end. Business directors hide behind a veil of ignorance when it comes to coding, but they are the very ones who so often take the "cheap" option when building a web presence, still having a mindset that programming is for hobbyists who don't really need to be paid much. Pay cheap, get cheap. Nothing has changed.

So it is time to bring some certainty to ordinary users in the form of a written confirmation from Directors and web developers, that proper and safe storage practice has been used to save login values. That is why this requirement is part of the licence to use the methodology.

Our surveys have shown that individual users want to use the PassFile method BUT they feel powerless to change the old way of doing things, i.e. username and password, and in many instances are simply resigned to having their personal information breached and shared. That is certainly a sad state of affairs.

Many online users have become aware of and concerned about most of the threats, especially over the past two years and this presents a clear opportunity to introduce to the market an easy to use and safe way to authenticate a user.

The methodology used to achieve this is unique as it has not appeared in use on the internet according to our research.

A disruptive technology is one that displaces an established technology and shakes up the industry or a ground-breaking product that creates a completely new industry. The PassFile Safe login method is certainly a disruptive technology.

International Data Safe

Many people keep personal and business information and documents in all sorts of formats, in all sorts of places and in all sorts of disarray. Formal and legal paper documents are still sent to us by mail, and many times we keep those papers here, there and everywhere. We also receive important things via email, such as bank statements, business documents and other personal items. We all have photos and videos from all sorts of sources that we keep in one folder here or a different one there, on different devices, some fixed and some mobile. It's no wonder that we spend hours looking for paper or digital documents and files, and at times the things we want cannot be found at all.

Even those of us who are admin minded run the risk of loss of personal and business information and paper documents through theft and natural disaster.

Then there is hard drive failure and deletion of files by mistake as well as the ever present threat of loss or theft of mobile devices and theft of computers by break in. Ransomware is the current form of “natural disaster”.

Consumers sometimes try to protect important things by scanning and then saving to hard drive and many are using web based or cloud storage to backup documents and files to overcome the threats. However there are safety and privacy concerns about most of those sites. This haphazard way of saving stuff does not help to get and stay organised, safely.

The big-name internet companies such as Google (offering Google Drive), Microsoft (offering SkyDrive), Dropbox, Apple and many more, whose services are used by millions of business and personal consumers, are located in the USA and are therefore subject to the provisions of the Patriot Act, which basically overrides every user's right to privacy whether you are a citizen of the USA or not. All of these companies make it clear in their conditions of use that personal information and identifying data will be used and, under certain circumstances, shared with others. Although claims of encryption are made, the big problem is that the encryption keys are under their control, not the control of the individual user, and can therefore be used to decrypt anything they wish to decrypt for whatever purpose they deem fit. If the keys fall into the hands of a bad actor, serious damage can be done. Apart from that, privacy is a fundamental human right recognized in the UN Declaration of Human Rights, the International Covenant on Civil and Political Rights and many other international and regional treaties. Protection of business data, contracts, client lists, intellectual property and the like is critical, but how is that being achieved when using cloud storage portals that have the right and the capability to lay bare your business secrets?

Some cloud-based storage providers do allow the user to set their own encryption key, which the storage provider does not know. That key is used to encrypt data and files. The problem is the same old one: users will just not choose a key that is long, strong and random. It is much easier to remember "password" than "qw36fj8br098qzx55cm25dv765hy24gh37"! Just as passwords can be cracked, so can encryption keys if they are not strong.

The login methodology designed by Armertech and used by International Data Safe deals with this pitfall in a simple way yet provides the level of encryption protection that is required to maintain safety and privacy.

The login value sent to the server, that long, strong 84-character "password", is used by IDSafe as YOUR encryption key to encrypt everything that is saved and uploaded to IDSafe. Client names, contact numbers, addresses, contracts, information, JUST EVERYTHING, is encrypted with a key that is always and only under the control of the user. For that guarantee to hold in practice, the encryption must be performed on the client before upload, and the value the server receives at login must not be the encryption key itself: deriving the login value and the encryption key separately from the PassFile keeps the key off the server even at the moment of login.

In the unlikely event that the facility is broken into by cyber criminals, all they will be able to see is encrypted, meaningless data, as they will not have access to the PassFile used to encrypt and decrypt the items. This applies to anyone working for ArmerTech (PTY) Ltd as well.

Why is this? BECAUSE THE USER OF IDSAFE IS THE OWNER OF THE ENCRYPTION KEY (THE PASSFILE VALUE) and CONTROLS THE ENCRYPTION KEY. NO ONE ELSE.

Applications for the use of IDSafe are everywhere. Just start with the banking sector worldwide. For hundreds of years banks have been the guardians of valuable assets, either currency or things locked up in a safe. It is a logical extension that in a digital age they should be providing protection of valuable digital assets as well. Now they will have a set of tools to achieve that, and to pass the responsibility of holding the digital key (previously a physical key to a safety deposit box) to the bank client. Banks have the resources in every way imaginable to run such a digital product effectively, and now they can use the PassFile methodology to ensure that the encryption key remains only in the hands of their client. That also takes them off the hook if a breach occurs. Such a service from a trusted bank brand will be snapped up by their client base.



All night I had this fear and insecurity
Now I see clear what is the past and foggy what is the future
Lead the way to security

Thanks for replying, I can see a clear shift in security as a new method is introduced. If you see how the flawed username/password system has led to billions being lost over the years, then you must wonder why nobody has found a way (excluding us) to rectify and resolve this problem...

May security follow you where nobody has gone before

Thanks!! Let's move forward one post at a time

good post

Thanks for the reply

all good - I passed this on to Jerry and hope it gets looked at

Thanks, much appreciated!!!