4 Comments

Summary:

Fingerprinting, voice recognition and even a glance in a smartphone camera could become the standard for user authentication in cloud applications if a new security protocol from Nok Nok Labs takes off.

Nok Nok Labs CEO Phillip Dunkelberger
photo: Nok Nok Labs

Startup Nok Nok Labs has developed a security protocol that asks end users to substitute stronger authentication tools such as fingerprints and voice recognition for the usual user names and passwords.

Named after the classic knock-knock joke, Nok Nok Labs wants to revolutionize online identity authentication with tools that already exist on user devices, such as a camera, a touch screen and a microphone, said Phillip Dunkelberger, Nok Nok’s CEO and founder of encryption company PGP Corp., which Symantec Corp. acquired in 2010. Palo Alto, Calif.-based Nok Nok has taken on $15 million from DCM and Onset Ventures.

Usernames and passwords have existed since the mainframe era, and authentication hasn’t changed much over the years, Dunkelberger said. Nok Nok wants to help clients ensure that end users are who they say they are. It’s not perfectly secure, Dunkelberger said, but it is considerably more secure than a text password. Companies can sign up for the protocol, which will ask individual users if they would like to use existing verification methods on their devices instead of a password.

The protocol is free. By March, Nok Nok will come out with a client to keep track of user inventory, enrollment and provisioning, Dunkelberger said. (A Nok Nok spokesman later said that the protocol will be free for members of the FIDO Alliance, a group that formed last year to move away from usernames and passwords, and that it will become available within a couple of months.)

The security protocol could come in handy as more companies allow employees to access data on public clouds from their mobile devices. If the employee accidentally leaves a tablet on an airplane, the person who finds it would have a hard time replicating the owner’s voice or fingerprint. That could prevent a security breach.

Security experts say it’s not about getting to a  level of perfect security, an impossibility. The realistic goal is to minimize risk as much as possible. People find it hard to remember and multiple passwords and user names so they get sloppy — they share and duplicate passwords — and that leads to risk. Nok Nok’s tools could be one way to alleviate it.

This story was updated Tuesday to clarify who will be able to use the Nok Nok security protocol free of charge and when it will become available.

  1. I think I’ll stick with passwords considering how many times I was locked out where I used to work because the stupid finger scanner wouldn’t let me in. Let’s see, new password, 12345. No too easy, 123456. Ya, that’s better.

    Share
  2. Reblogged this on pindanpost and commented:
    Something I am in desperate need of, so many I can’t keep track of …

    Share
  3. Thanks, here is a paper that talks about securing biometrics in hardware, useful for protecting privacy: https://docs.google.com/file/d/0BxoZmTnPmLT8Z05VLS1RaE5kWnc/edit?usp=sharing&pli=1

    Share
  4. “People find it hard to remember and multiple passwords and user names so they get sloppy”

    The above passage does not make sense. What were you trying to say?

    Share

Comments have been disabled for this post