Product announcements are often driven by users, by industry or simply by trend demands.
In the case of a company launching today, the driving force was an industry think tank that was looking not only to enhance the username and password, but to offer a solution that enhances the concept ‘that is based on 50-year-old technology’.
This has led to the launch of Nok Nok Labs, which is led by former PGP managing director Phil Dunkelberger, who told me that the industry needs an authentication protocol to have the plumbing work together.
He said: “The working group started with a vision about not just enhancing username and passwords, but how to make them more resilient to everything we use.”
Started in late 2009 with the working group, the Nok Nok Labs project really began in 2010/2011, when prototypes were built to present a trusted software model. “It was designed to be used on any device and on any operating systems as a protocol,” he said.
“This doesn't involve the public key infrastructure (PKI), certificates or anything, the group's vision is of strong authentication. I put a team together and the idea was to make technology more robust and easy to use.”
CEO Dunkelberger said that the idea is to have an authentication system that binds you to a device, something that is not present at the moment. “You get in through weak authentication at the moment, we need a better way to get past the dissatisfaction and big implications of username and password,” he said.
Backed by the working group and a management team of security industry veterans including PayPal CISO Michael Barrett and ‘Father of SSL’ Taher Elgamal, Nok Nok Labs said that while there are many technologies that offer additional security, none are easy to use or scalable to internet-size populations.
Michael Barrett, chief information security officer at PayPal, said: “By creating an authentication infrastructure that leverages existing technologies such as fingerprint scanning and webcams, Nok Nok Labs is giving businesses the opportunity to authenticate anyone, anywhere and on any device. Given the billions of connected Internet devices and future growth of online commerce, PayPal sees a critical need to implement strong yet flexible authentication solutions.”
Dunkelberger explained that the technology sits and waits for the user and says to the backend ‘what do you want to use as the second factor?’ He said that there is no connection, so it mitigates man-in-the-middle attacks and authentication is based on risk and profiles. He said: “How can you take the stuff out there and make it usable every day? If you want to put in a four-digit PIN number, voice biometric or swipe a fingerprint you can.”
This seems like a good idea; those of us who carry a two-factor token would probably see the benefit in using it for more, if not all, services. But if a user is bound to a device and authenticated by it, what if the user loses that device?
Dunkelberger said: “If you lose your phone, you go to your PC and de-provision the device as you don't want it to identify you. You are using a custom piece of code, you use this for authentication and for multi-factor capabilities. We are not about selling authentication tokens; we enforce better use of strong authentication.”
We've seen launches in the authentication technology space for many years now, all trying to cover the same ground in getting all users to use their technology to solve the problem. What Nok Nok Labs does that is different is to allow users to keep on using the same tokens and devices, but build a better backend that may iron out some of the password storage and breach issues that give IT managers and administrators nightmares.
Will it succeed? With the right people and concept behind it, it may. Also, in case you were wondering, the name, Dunkelberger explained, came from ‘knock knock - who's there’.