Nok Nok Labs has developed a security protocol that asks end users to substitute stronger authentication tools such as fingerprints and voice recognition for the usual user names and passwords.
Named after the classic knock-knock joke, Nok Nok Labs wants to revolutionize online identity authentication with tools that already exist on user devices, such as a camera, a touch screen and a microphone, said Phillip Dunkelberger, Nok Nok’s CEO and founder of encryption company PGP Corp., which Symantec (s symc) Corp. acquired in 2010. Palo Alto, Calif.-based Nok Nok has taken on $15 million from DCM and Onset Ventures.
Usernames and passwords have existed since the mainframe era, and authentication hasn’t changed much over the years, Dunkelberger said. Nok Nok wants to help clients ensure that end users are who they say they are. It’s not perfectly secure, Dunkelberger said, but it is considerably more secure than a text password. Companies can sign up for the protocol, which will ask individual users if they would like to use existing verification methods on their devices instead of a password.
The protocol is free. By March, Nok Nok will come out with a client to keep track of user inventory, enrollment and provisioning, Dunkelberger said. (A Nok Nok spokesman later said that the protocol will be free for members of the FIDO Alliance, a group that formed last year to move away from usernames and passwords, and that it will become available within a couple of months.)
The security protocol could come in handy as more companies allow employees to access data on public clouds from their mobile devices. If the employee accidentally leaves a tablet on an airplane, the person who finds it would have a hard time replicating the owner’s voice or fingerprint. That could prevent a security breach.
Security experts say it’s not about getting to a level of perfect security, an impossibility. The realistic goal is to minimize risk as much as possible. People find it hard to remember and multiple passwords and user names so they get sloppy — they share and duplicate passwords — and that leads to risk. Nok Nok’s tools could be one way to alleviate it.
This story was updated Tuesday to clarify who will be able to use the Nok Nok security protocol free of charge and when it will become available.