NEW YORK, Feb. 9, 2016 /PRNewswire/ -- Trail of Bits, a New York City-based information security company, has released Tidas, a first-of-its-kind security tool for app developers that boosts user privacy and minimizes developer liability—all by ditching passwords completely.
Tidas is an iOS SDK that allows developers to offer the strongest user security protections— without the hassle of passwords— on any iPhone running iOS9. "Mobile apps usually have an awful user experience when it comes to security," said Dan Guido, a security researcher and co-founder of Trail of Bits. "Trying to enter a complicated password on a mobile phone is difficult, and many users settle for weaker passwords to save time and frustration," he said.
Tidas is the first system to tap the native security features of Apple iOS9—Touch ID and the Secure Enclave encryption chip—to uniquely identify users without a password. Apps built with the Tidas SDK require users to touch their phone's Touch ID sensor to create an authentication token, much in the way Apple Pay does to secure payment transactions. The authentication token is based on a cryptographic key that never leaves the Secure Enclave. Apps use this token to verify the user's identity and access backend services with strong authentication.
Because Tidas operates in the Secure Enclave and neither collects nor stores any personal information, Trail of Bits and app developers have no access to sensitive data, such as passwords or Touch ID fingerprints, minimizing developer liability in the event of a data breach. "Even if a phone is jailbroken or infected with malware, no one can steal the keys from the Secure Enclave," Guido said. "This is the strongest way to secure a transaction, whether it's a password authentication or a purchase, and it's time for app developers and users to benefit from that protection."
Tidas, which launched today, is available on a free trial basis until March 31st, 2016. Cloud and private enterprise versions of Tidas are available, allowing both consumer app developers as well as enterprises—especially those with high security needs, such as financial or healthcare institutions—to use the software. Guido explained that Tidas can also improve efficiency for businesses that use internal apps, eliminating many of the help-desk calls from users unable to log into their system due to password issues.
Learn more about Tidas at www.passwordlessapps.com
About Trail of Bits
Founded in 2012, Trail of Bits is an independent cybersecurity research and development firm with world-class experience in mobile security, reverse engineering, and vulnerability research. The Trail of Bits engineering team is comprised of some of the most recognized researchers in the security industry—together, they have crafted automated hacking machines for the DARPA Cyber Grand Challenge, occupy a seat on the elite Blackhat review board, and have discovered vulnerabilities in major shipping software products and even the Internet Public Key Infrastructure. Learn more at www.trailofbits.com.
SOURCE Trail of Bits