Duke University Fuqua School of Business Innovations and Cryptoventures February 2017 Current Cybersecurity Practices Leave Passwords Vulnerable Passwords hashed with MD5 2013 and BCRYPT 2014 algorithms ID: 738506
Download Presentation The PPT/PDF document "K. HAAS, J. HUISMAN, P. KAPOOR, T. SZOCS" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
K. HAAS, J. HUISMAN, P. KAPOOR, T. SZOCS
Duke University, Fuqua School of Business | Innovations and Cryptoventures | February 2017 Slide2
Current Cybersecurity Practices Leave Passwords Vulnerable
Passwords hashed with MD5 (2013) and BCRYPT (2014) algorithms
Attack not on Charles Schwab servers
Affected customers had same passwords across multiple accounts
Passwords hashed and salted
Full extent of breach discovered 4 years after 2012 hackSlide3
Use
Blockchain
to Prove Ownership and Remove the Need for Passwords
john@passlock.com
Company Benefit
User Benefit
Increased security
End of password dilemma
Eliminate bad
practice exposure
Easily access from any device
Reduced hacking fallout
Securely
share accountSlide4
Ethereum
Blockchain Validates Ownership of Digital Accounts
Account created with username and phone number
User receives confirmation code via text
Private key is assigned to user based on their phone number
Account creation is broadcast to
Ethereum blockchain using public key
Community verifies nobody else owns this account
User enters confirmation code to login
User determines duration of login on current device
Repeat process for all account logins/creationSlide5
Similar Concepts Exist on Both the User Experience and Technical Side
WHY THIS WORKS
TECHNICAL FEASIBILITY
Seamless to users: confirmation code is only interaction with technology
Unlike password managers on the market today,
PassLock
does not store any passwords
Users receive new confirmation codes each time they need to login to their accountNo data will be stored on the public Ethereum
blockchainLong term, PassLock will transition to a private
Ethereum blockchain
Transaction with the Ethereum blockchain will simply verify that username is associated with device being used to login
Each time a user attempts to login the website will check users login and send a request to PassLock
for a unique code to login
PassLock will check to see which phone number owns that account and will send that number a unique code
Each website will store users’ login duration preference for each deviceSlide6
Consumer Execution Begins with Confirmation Code
Jane enters her username on Facebook
Jane receives a confirmation code to login to Facebook
Jane determines how long she would like to remain logged in to Facebook on her phone
Jane repeats the process after her login expires on her device
Facebook is a
PassLock
customer
Jane is a Facebook user who wants to login to her Facebook account
Airbnb is a
PassLock
customer
Jane wants to let Joe select potential homes for their vacation on her Airbnb account
Jane enters Joe’s phone number into Airbnb’s portal and how long she would like Joe to have access to her account
Joe receives a username and confirmation code to login to Jane’s Airbnb account
Joe selects potential homes for their vacation on Jane’s account
Joe’s access to Jane’s account expiresSlide7
Network Effects Will Help
PassLock
Capture Value
Users desire a one-stop solution for their online presence.
Passlock’s
first mover advantage will allow us to quickly build a network of key playersSlide8
Business Model Invites Customer Participation
1¢
Larger companies pay 1¢ per monthly active user
100k
Companies with <100k users can access at no cost
Free
Free for the end userSlide9
Potential Global Market is $2.8B
227M
Users
2.25B
Users
$476M
Annual Revenue
$2.8BAnnual Revenue
Domestic
GlobalSlide10
Price Point Leads to Fast Adoption and Profitability by Year 2
User growth beginning in Y2 will drive revenue and profitability metrics
A conservative estimate of capturing 1% market share provides
Passlock
with $28.35M in annual revenue, while more aggressive estimates are as high as $700M
With low fixed costs and high profit margins,
Passlock
is expected to be profitable in Y2Slide11
Commercialized Competition Does Not Leverage
Blockchain
Non-
blockchain
: “Techie” consumers have adopted password solutions
Password manager, auto form filler, random password generator, secure digital wallet application
Free versions do not have multi-device capabilities
Enterprise solutions available
LastPass
:
7M
customers; Dashlane
: 2M customers (2014)
LastPass hacked in 2015, Dashlane
has no recorded hacksBlockchain: No clear path to commercialization for password technologies
EMCSSL provides “
passwordless
logins and identity management” via the EMC currency
blockchain
No information on EMCSSL post-2015
Blockchain
ID is a digital form of ID…”designed to initially replace passwords” and then serve as a form of identitySlide12
PassLock
is Differentiated from the Competition through Consumer Ease
Consumers do not need to make a conscious decision to opt-in to
PassLock
, making password security ubiquitous
Unlike dominant industry players (
LastPass
,
Dashlane
) that charge consumers for multi-device protection,
PassLock
is device-agnostic
Blockchain
technology is more secure than
LastPass and Dashlane that use encryption technologiesSlide13
Majority of Risks are Mitigatable Through Strong Push Marketing Strategy
Target companies aren’t convinced of the need to change
A well-resourced tech giant creates an internal solution
Technology fails
Users don’t adoptSlide14
Future Includes Complementary Product Introductions
Full suite of password capabilities including
auto-forms
and credit card auto-fill
Dongle
product extension aimed at super users
Corporate
digital identities
Builds on our current B2B customer base
Improved experience for users interested in paying more
Directly address current non-
blockchain
solutions
Target hacked companies
Amplify proof of concept
Free for any sites with <100K users
Launch Strategy
Growth StrategySlide15
Two Financing Rounds are Required in the Next Year
Seed Round
Amount: $500,000
Purpose: Bringing on five full time developers for the next year to develop the MVP
Timeframe: Planning on closing round in the next 30 days
Equity: Interested in giving an equity stake worth 10% of the pre-money valuation
Series A
Amount: $2-4 million
Purpose: Double development team as well as ramping up sales and marketing spend
Timeframe: Summer 2018
Equity: Interested in giving an equity stake worth 15% of the pre-money valuation