The April 1-7 edition of Bloomberg Businessweek featured an article (p. 39) on a clever, innovative new approach to the thorny topic of passwords that we think is worth sharing.
As the article notes, a software engineer by the name of Ramesh Kesanupalli has been working on a better password. Large banks, e-commerce companies, social networks and others with millions of online customers must maintain an array of expensive servers to store passwords and user names. All that sensitive information left in a central repository makes for a pretty tempting target for hackers.
Kesanupalli asked: Why not get rid of user names and passwords and store login data on customers’ PCs, smartphones and tablets? His firm, Nok Nok Labs, has designed software that lets users record their own biometric data, such as their voice, facial features or fingerprints, on their personal computers and gadgets. That’s a lot more secure than a user name and alphanumeric password.
When a user provides a valid match, they can connect securely to the desired website. But for a hacker looking to compromise the system, “they would need to steal your device, and your finger and your eye. That’s not a scalable attack,” Kesanupalli notes somewhat wryly.
He’s onto something. Kesanupalli already has two other startups under his belt, both of which he sold to much larger companies. He was previously CTO of a security software consortium interested in replacing conventional passwords. “I knew the password had to go,” he notes. He started down this path in 2009 and has raised $15 million so far from investors. His patented software will be tested in three million devices this year, thanks to partners like Lenovo, PayPal and others.
PayPal’s CTO notes that over one-third of his company’s help-desk calls involve password resets. And as Jon Oltsik, an analyst at Enterprise Strategy Group, has noted, “This has some exciting potential. The world is looking for something like this.”