2013-11-06

Co.Labs

These Two Guys Want To Kill All Passwords

Knock is a way to use your phone to unlock your Mac over Bluetooth LE, but its founders have much bigger plans.



Talk about capitalizing on a gimmick. Knock, an app that allows you to unlock your Mac via Bluetooth by double-tapping on the back of your iPhone, certainly sounds gimmicky. But for Knock’s founders, this new form of wireless user authentication is about something much, much bigger.

“It's a gimmick, there's no question about that,” says Knock cofounder Jon Schlossberg. “But it's a gimmick that solves a real (albeit small) problem, and it's a gimmick that we can ship and sell today to bootstrap our company and start working on the larger vision.”

What Schlossberg and his cofounder William Henderson envision is the elimination of all passwords, for everyone, for everything. So how do you get from knocking twice—not three times, that means something else—on your phone to killing the password? Schlossberg says it’s a bunch of small steps. “Knock’s authentication experience needs to grow into something close to ubiquity. Knock would need to support everything and be everywhere.” Supporting everything would include, among other things, partnering with software companies like 1Password and Lookout and, at the other end of the spectrum, addressing hardware like August, Lockitron, Nymi, or even Schlage or Kryptonite.

“We can offer fully automatic two-factor authentication using the Knock experience (something no other two-factor authentication company does) for free just to get installs. Basically, we can make deals with large companies, universities, etc., and give their IT dept free two-factor (currently expensive) that is a significantly better experience than what's out there today. We've figured out a way to make it not terrible. So these organizations use our free two-factor and in exchange, all their computers are running our authentication platform.”

Despite many enormous potential hurdles, Schlossberg makes getting rid of the need for end users to enter passwords sound like an achievable goal. They’re not the only ones working on the problem, which was declared with renewed urgency by Wired’s Mat Honan last year. Apple is doing its part by rolling out TouchID, one of the first biometric security methods to find its way into smartphones. Apple’s fingerprint sensor may reach mass adoption quickly, but may or may not become ubiquitous.

One of the many dreams of Ubuntu’s Edge phone was the ability to have your desktop computer and mobile phone combined into one device. When docked and connected to a monitor, the phone uses a desktop environment. When undocked, it goes back to being your phone and mobile device, letting both environments share data. Such a solution would eliminate the need for cross-device authentication, but with the Edge phone not making its crowdfunding goal, the Ubuntu for Android feature has a bigger hill to climb for general public awareness as part of Ubuntu’s mobile OS.

If Schlossberg and Henderson can pull off what they’re attempting, it will be a win for consumers as much as it will be for them. Ultimately, the aim in attacking the password problem is to add (some) security in the easiest possible way.

[Image: Flickr user Robert]







4 Comments

  • Artur Barseghyan

    Looks like they try to sell something small as something really big. It's fine if used with two-factor authentication (instead of typing in the code from your mobile device, just to double knock on it instead - simply). The main problem is that if your phone is stolen, then (if no two-factor authentication is present) actually the person who stole it gets access to all your devices.

  • James Francis

    There is a small problem here: token-based authentication has not been able to make mainstream traction for a long time. The issue is that tokens are not ubiquitous - mobile phones (smart and dumb) do not cover the bases thoroughly enough to make a token-based system work across the board. Even the people at FIDO have admitted as much. And though everyone is trying to create a standard for security authentication, it is clear that a universal system that relies on tokens will never be fully realised.

    A password, in contrast, can be used by anyone anywhere. It requires no special hardware and as such is perfect for low-level authentication. While token-systems will grow with serious securities - for example, access systems at a college - people who suggest they can replace the password do not quite grasp how widespread password use is, nor that no type of hardware - not even a car or coffee cup - can embed itself so universally as to get rid of the ease passwords provide.

    Token-based systems will become more popular, but chat to the experts and they admit that the password is not going anywhere. We simply do not have something that completely replaces it. We do not even have paradigms or concepts that can do that, unless we force everyone to implant RFID tags.

  • spblat

    I'm a fan of getting rid of passwords. And I'm a fan of Knock. I use it. But unless I'm missing something, Knock is not two-factor, it's one factor, i.e., something I have. If I have my phone I can access my computer, and that's it. If Knock was integrated with TouchID, that would be a neat two-factor implementation.

  • Alberto Alvarez

    Agreed on the Touch ID, if Knock managed to integrate this into their app it'd truly be a neat two-factor implementation. We can only hope!