Security Experts:

Security Startups: Interview with LoginWall CEO Israel Alfassi

Security Startups Feature on LoginWall

Company: LoginWall  |  Who: Israel Alfassi, CEO

SecurityWeek: How did you start out in the computer field and in particular, security?

Israel: I’m in the hi-tech industry for already 20 years. I started out as an R&D individual, became a team later and later on, a project manager. That evolved into marketing positions, becoming a product marketing manager and then going into business development. I started out in relatively large companies such as Comverse and Verint, continued with big startups – 100 to 300 people, and later, to small startups. I was involved in the founding of two startups in the area of homeland security and finance. Recently, about 4 months ago, I was called to be the CEO of LoginWall.

SecurityWeek: Why was LoginWall founded?

Israel: The founders of the company, Netanel Raisch and Omer Granot, identified a gap between the common solutions for authentication - the combination of username and password - and the more sophisticated solutions such as tokens, biometrics and OTPs. The problem is that all those existing solutions are expensive, bring about logistics complications and are not so easy to deploy; so only a very small segment of the market is usable. In-between the two ends of the spectrum there’s a void. As a result, sensitive services such as PayPal and banks do not supply their users with strong authentication. The idea was to develop a solution that does not require hardware from the user perspective so that there wouldn’t be anything to lose, forget, or leave at home. And, since no hardware is involved then the solution would be easy to deploy. In 2011 they came up with the idea to add new elements, in the form of time elements, to the password we use today.

SecurityWeek: What does LoginWall do?

Israel: LoginWall is a provider of user authentication. The idea is to add stops that become part of the password. As opposed to different bio-metric methods that identify the way you type the password, you define different stops in the password. For example, if your password up until now was 1234, you can identify that your password will be 12, short stop 3, long stop 4. We provide the visual tools when you set the password and when you use it to measure these stops in time. You don’t need to look at the watch, you just view the visuals and set it up. This basically makes password guessing through brute-force attacks useless since you’re slowing down the attack to a rate where it no longer becomes effective.

SecurityWeek: How do those visuals work?

Israel: After every character you type for your password, there’s a set of predefined photos and their evolvement. For example, after a certain character we present an egg that after a few seconds evolves to a chick, then to a chicken and finally, to a rooster. A short stop would mean an evolvement from an egg to a chic. If you wait for a very long stop, you choose going from the egg to the rooster. You can also input pictures, say of your kids, so you can define a waiting period as going from your oldest child to the middle child or the youngest one. The added benefit of adding your own set of photos is also combatting phishing sites. If you’ve logged on to a phishing site, you wouldn’t see the set of photos that you declared as part of your password and you’d recognize that you’re not on the right site.

SecurityWeek: At what stage is LoginWall now?

Israel: We have our first product ready which is already deployed at a beta-site for which we have received very good feedback. The solution works well there - not a single account was hacked. But we haven’t started selling yet as we mainly focused on R&D using the seed money we raised. Right now, we’re looking to the next funding round. Basically we need the money for two - one, to go to market. Second, to develop some solutions for hardware - network appliances, SCADA and ICS environments, and Wifi routers. We actually have a prototype for Wifi routers. These areas are relatively neglected and the Wifi routers that we have already looked into are so easy to hack into that it’s unbelievable. Given how popular these routers are, we believe that they deserve a solution.

SecurityWeek: What's your business model?

Israel: Like many solutions in the security arena, we provide free solutions for personal use, and sell to enterprises or websites based on a per-user fee. Similarly to how an enterprise installs anti-malware or anti-virus and licenses according to the amount of users, or endpoints that install it, we’re looking at per user/ per year fees.

SecurityWeek: Who are your biggest competitors?

Israel: The players in the upper-part of the market - the OTP-generator providers, biometrics providers, fingerprint readers and eTokens. However, we do not want to play only in the upper-part of the market as those solutions are in, but also to get a market share of all the sites that don’t use anything – email providers, finance, ecommerce, legal, health care providers. These are organizations that have stored sensitive data or are under regulatory mandates for stronger user authentication.

SecurityWeek: What is your biggest challenge?

Israel: The biggest challenge is the one that’s still down the road: getting a new concept to the market. We don’t need to explain how our solution differs, what we need is to get people to understand that although the solution is so simple, it provides a solution as strong as those that cost more. People think that hardware is more secure, but this is a pure software solution, very simple and very intuitive.

SecurityWeek: Any tips for other entrepreneurs starting out?

Israel: First, get your homework done before you start in order to make sure the solution doesn’t exist and if someone tells you that another company is doing it – it might be right. Second, validate your ideas with potential customers. It might sound like a contradiction, but just because you have an idea that you find amazing, it doesn’t mean the market sees it that way. Maybe the solution doesn’t speak to enough people. Third, believe in what you do. Do not give up when 25 different people tell you it won’t work, that nobody will get it, and that nobody will invest in it. Bottom line: once you learn the market and identify the real need – not only in your eyes – and come up with a solution, then believe in what you do.

SecurityWeek: Other than yours, what is your favorite startup – whether it is in security or not?

Israel: Not a startup any longer – but I love Waze. Waze is a basically social navigation system where both the maps and the online information that it provides is accumulated by the Crowd. As opposed to other providers that rely on maps released once in a while, Waze provides live reports where everybody contributes for the benefit of everyone else. It is always updated – whether alerting the driver on a policeman flagging down drivers, traffic jams or new roads. It’s not a startup which was worked on for 6-12 months. They worked hard, did something innovative and succeeded.

view counter
Noa is a private consultant specializing in building thought leadership teams within tech companies. She is one of SecurityWeek’s first columnists with previous columns focusing on trends in the threat landscape. Her current interest lie on the business-side of security. Noa has worked for Imperva as a Sr. Security Strategist and before that, as a Sr. Security Researcher. She holds a Masters in Computer Science (specializing in information security) from Tel-Aviv University.