Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

A mobile security startup called PassBan thinks the best way to keep mobile devices secure is to allow people to choose from a bevy of different authentication options—including one that you wear on your wrist.

“We didn’t want to be in the business of forcing one factor or another on the user,” says cofounder and CEO Kayvan Alikhani.

Most of us have to remember countless passwords for different online services, and we are often asked to choose complicated strings of characters to make them harder to guess. A growing number of companies offer alternatives to conventional passwords, including various forms of biometrics (see “Instead of a Password, Security Software Just Checks Your Eyes”).

More than half of cell phone users in the U.S. also own smartphones, and many apps keep users perpetually logged in, thereby bypassing the usual security controls. People also use smartphones and tablets to store and access an increasing amount of personal data, making them ever-more valuable if they’re lost or stolen. And yet, while there are plenty of companies focusing on securing desktop and laptop computers, the market for mobile security is still in its infancy.

PassBan released a free Android app in February called Passboard that allows you to secure individual apps on a smartphone with any of more than a dozen verification techniques, including identifying your voice, face, location, or a specific gesture. Initially available in private beta, the company says, the app will be available to anyone starting Friday.

And at a developer event at the company’s San Francisco office on Wednesday, the company showed off a wristband that can unlock a phone or tablet when the wearer makes a simple gesture in the air. It also showed off tools that will let third-party developers incorporate PassBan’s technology into their apps.

The wristband will be available in a couple of weeks, Alikhani says, and the company hopes to sell it for less than $20. He expects such sensors to ultimately be embedded in watches or other things we carry with us.

PassBoard works by intercepting the launch of any app that a user has secured it with. Once you’ve secured your Facebook app, for example, when you tap on it, a PassBoard popup commands you to verify your identity with whatever method you’ve chosen. For those with a wristband, it can be set up to authenticate you with a shake or tap on the wristband, or with just your proximity to your smartphone. Whichever method you choose, it must be registered and transmitted via Bluetooth to your handset to unlock an app.

Alikhani says it is possible for someone who has the wristband and your smartphone to access data on the handset, assuming they know your signature gesture. But if you secure a phone with a wristband gesture and also require another factor—like choosing a sequence of colors—that could make it trickier to access.

David Wagner, a professor of computer science at UC Berkeley, doesn’t think PassBoard offers anything particularly unique or useful, saying that his research suggests that only a minority of users employ even a simple passcode to lock their phones. He expects this is because there isn’t much of a security risk for most people—someone who steals your phone probably just wants to wipe the data and resell it.

He is intrigued by the idea of wearable authentication, however, though PassBan will have to convince users it’s worth spending the money to get it. 

PassBan isn’t the only company that thinks wearable authentication may be the next big thing in security. Google is apparently exploring the idea of using items a user is likely to have on them anyway—such as jewelry—to log in to a computer (see “Google’s Alternative to the Password”).

0 comments about this story. Start the discussion »

Tagged: Computing, Communications, Web, mobile security, Android app, password management

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me