A Password You Wear on Your Wrist
Mobile security startup PassBan offers smartphone owners a slew of authentication options—including one you can wear.
Your smartphone apps contain plenty of personal information, and many of them keep you logged in continuously, which presents a potential security risk.
A mobile security startup called PassBan thinks the best way to keep mobile devices secure is to allow people to choose from a bevy of different authentication options—including one that you wear on your wrist.
“We didn’t want to be in the business of forcing one factor or another on the user,” says cofounder and CEO Kayvan Alikhani.
Most of us have to remember countless passwords for different online services, and we are often asked to choose complicated strings of characters to make them harder to guess. A growing number of companies offer alternatives to conventional passwords, including various forms of biometrics (see “Instead of a Password, Security Software Just Checks Your Eyes”).
More than half of cell phone users in the U.S. also own smartphones, and many apps keep users perpetually logged in, thereby bypassing the usual security controls. People also use smartphones and tablets to store and access an increasing amount of personal data, making them ever-more valuable if they’re lost or stolen. And yet, while there are plenty of companies focusing on securing desktop and laptop computers, the market for mobile security is still in its infancy.
PassBan released a free Android app in February called Passboard that allows you to secure individual apps on a smartphone with any of more than a dozen verification techniques, including identifying your voice, face, location, or a specific gesture. Initially available in private beta, the company says, the app will be available to anyone starting Friday.
And at a developer event at the company’s San Francisco office on Wednesday, the company showed off a wristband that can unlock a phone or tablet when the wearer makes a simple gesture in the air. It also showed off tools that will let third-party developers incorporate PassBan’s technology into their apps.
The wristband will be available in a couple of weeks, Alikhani says, and the company hopes to sell it for less than $20. He expects such sensors to ultimately be embedded in watches or other things we carry with us.
PassBoard works by intercepting the launch of any app that a user has secured it with. Once you’ve secured your Facebook app, for example, when you tap on it, a PassBoard popup commands you to verify your identity with whatever method you’ve chosen. For those with a wristband, it can be set up to authenticate you with a shake or tap on the wristband, or with just your proximity to your smartphone. Whichever method you choose, it must be registered and transmitted via Bluetooth to your handset to unlock an app.
Alikhani says it is possible for someone who has the wristband and your smartphone to access data on the handset, assuming they know your signature gesture. But if you secure a phone with a wristband gesture and also require another factor—like choosing a sequence of colors—that could make it trickier to access.
David Wagner, a professor of computer science at UC Berkeley, doesn’t think PassBoard offers anything particularly unique or useful, saying that his research suggests that only a minority of users employ even a simple passcode to lock their phones. He expects this is because there isn’t much of a security risk for most people—someone who steals your phone probably just wants to wipe the data and resell it.
He is intrigued by the idea of wearable authentication, however, though PassBan will have to convince users it’s worth spending the money to get it.
PassBan isn’t the only company that thinks wearable authentication may be the next big thing in security. Google is apparently exploring the idea of using items a user is likely to have on them anyway—such as jewelry—to log in to a computer (see “Google’s Alternative to the Password”).