Xequre is an Indo-Canadian startup (Toronto, Canada and Chandigarh, India) that enables logging on to multiple websites with only one master UserID & password.
Xequre has built “the only single sign on password/ID manager which does not store user details” – i.e. a patented web based platform for managing online passwords/identity to help solve the passwo
rd fatigue problem for internet users.
The founding team stood 2nd out of 87
participating teams from North America, in the TiE Quest business plan competition and has roped in cryptography expert (Dr. Kumar Murty, who is the head of the Ganita labs, the Chair of the University of Toronto Mathematics Department).
XeQure will be the first company to introduce an online SSO password and identity management solution targeting non-enterprise internet users that is more secure, easy-to use, reliable, portable, multi-browser compatible, multi-OS compatible, and more scalable than competitors. The modular product will also be marketed to businesses targeting users as well as small and medium enterprises.
Here is how XeQure’s multi-factor authentication works:
- When initially registering for the service, XeQure users can choose a unique Display Image from a set of images provided on XeQure.com or upload an image from their hard drives. Whenever users log into XeQure, they will see that image as a sign-in seal, a proof that the site is authentic. (Reduces phishing attempts)
- When a user signs in using his/her ID & Password, XeQure will instantaneously assess the “profile” of the member’s and detect the IP Address, storing the information for future reference. In case, the user enters a wrong ID/ Password three times, XeQure will temporarily block that user and reactivate it automatically after 24 hours.
- If the user’s identity is cleared, he/she is taken to the Grid Card authentication page where the Display Image is also present.
- On the Grid Card Authentication page, the user need to input the random co-ordinates from their individual Grid Cards. The user will be given access to the account only if they input the correct co-ordinates.
Few features:
- Multi-factor authentication for additional security (Master ID/Password authentication, IP address /Mac authentication for static IP, Image verification, choice of Grid card, Mobile phone or Image based authentication and Knowledge based authentication if the user forgets his password or misplaces the grid card or is unable to receive an SMS on his mobile)
- Robust encryption technologies (AES 256, SSL, SHA 512 and the patented Split key authentication developed by Ganita labs at the University of Toronto)
- User can create and categorized bookmarks of their most frequently used/ favorite websites
- Thumbnail or link based website auto-login results
- Auto register feature allows the user to automatically register/subscribe to a new websites (currently in development)
Xequre is still under closed beta and as of now, not all websites can be auto logged into (the solution is underway) – I have 10 invites to give away, so if you are interested in trying out xequre, please leave a comment (with email id).
University of Toronto has already partnered with XeQure and the partnership gives them their initial user base!
What’s your opinion on Xequre?
Few points, its interesting however
1. Image seal (like yahoo) is not fool-proof and can be hacked by Man in middle type of attack. Just as marketing feature its cool !
2. One time password etc are fine, but do really non-corporate user want it ? IP/Mac based verification may be of little use [But important in tracing user !]
3. Usability point of view may need to check site, !
4. Finally looks like OpenId with One time password ? [Conceptually, Did they implemented Openid ?]
Discl: Opinion are only personal !
I would love an invite, and always enjoy a good indo-canadian joint project! I just worry about the overall business model of the company. Where does the revenue come from to sustain this business?
Nice security techniques. I would like to put my hands on this xequre. Can you send me the invitation of this beta product.
Interesting. I would like to use this. Can you send me an invitation??
Thank You.
Hmmmm. Revenue Model? Grid Card Distribution? Relevance in a post Open ID world? Lots of questions – and the only way to get answers is to try it out and understand the solution better. Can you get me an invite? thanks
An open qn that everybody seems to be asking – How diff. is this from openID?
I will ask the founding team to answer these questions.
> The founding team stood 2nd out of 87 participating teams from North America, in the TiE Quest business plan competition ..
What is it with Indian startups and the obsession with B-plan contests ?
Hello all,
I am the founder of XeQure Solutions and I would like to thank you all for your interest and comments. We will share our revenue model, our white papers, and also how we are implementing our security once we go live. In the meantime we ARE working on the usability aspect of the app, hence the closed BETA.
So how different is XeQure from OpenID?
1) XeQure aggregates all the users websites in one place (essentially book marking) and allows them to put the sites into different categories. A user can just auto log into all his favourite websites without having to waste time typing all the URL’s.
2)Workflow for XeQure- XeQure Login -> Login to all Website (once the user has registered their websites)
3) WorkFlow for OpenID – user goes to a website, which is Open Id enabled,, types in the OpenId URI… its URI and then logs into a provider site and provides credentials for the provider site and then logs into an open id enabled site. Next time user can directly login by typing the uri on the OpenId site, if he/she has checked the option to allow seamless login at the provider website.
4) We have multifactor authentication for enhanced user security. We are currently developing additional forms of multifactor authentication besides the grid card. The user will be free to choose whether or not he wants any additional authentication besides the ID/password. If he does, he can choose the authentication option he most prefers.
5) Open Id works on the concept of 3 parties – a consumer who wishes to login to his/her account, the website to which the consumer wants to login and the Open ID service provider. If the provider is a fake phishing website, all user account credentials are in hands of a person who may easily misuse it. XeQure does away with these issues, through its framework and multifactor authentication.
What OpenID folks have done is very commendable as it has begun the thought process of Online Identity Management.
I would love to get a beta invite. sumituee hotmail.com
Pratham…did u ever land in the top spot? Am I being rhetorical..mmm. Better to hold the geezer, in spite of he rumbling marbles, when u don’t have anythign worthwhile to spit out. Hope u keep in mind, and it’s hideous oto use the stupid .name TLD.
Its been almost a year as we can also notice from posts date is the website is live now or when will it be live.
Hello Joe…Thanks for querry. Since we are using the Splitkey authentication from University of Toronto we are still working on the licencing agreement. I am hoping to have signed off very soon. You will see us online very soon!
Mayukh
sorry for the typo..I meant query.
Also I wanted to mention that we have updated our the application based on the feed back we got from our beta users and its way better!! Will keep you guys informed of the launch.
Mayukh