Talk about capitalizing on a gimmick. Knock, an app that allows you to unlock your Mac via Bluetooth by double-tapping on the back of your iPhone, certainly sounds gimmicky. But for Knock’s founders, this new form of wireless user authentication is about something much, much bigger.
"It's a gimmick, there's no question about that," says Knock cofounder Jon Schlossberg. "But it's a gimmick that solves a real (albeit small) problem, and it's a gimmick that we can ship and sell today to bootstrap our company and start working on the larger vision."
What Schlossberg and his cofounder William Henderson envision is the elimination all passwords, for everyone, for everything. So how do you get from knocking twice—not three times, that means something else—on your phone to killing the password? Schlossberg says it’s a bunch of small steps. "Knock’s authentication experience needs to grow into something close to ubiquity. Knock would need to support everything and be everywhere." Supporting everything would need to include, among other things, partnering with software companies like 1Password and Lookout to addressing the other end of the spectrum of hardware like August, Lockitron, Nymi, or even Schlage or Kryptonite.
"We can offer fully automatic two-factor authentication using the Knock experience (something no other two-factor authentication company does) for free just to get installs. Basically, we can make deals with large companies, universities, etc., and give their IT dept free two-factor (currently expensive) that is a significantly better experience than what's out there today. We've figured out a way to make it not terrible. So these organizations use our free two-factor and in exchange, all their computers are running our authentication platform."
Despite many enormous potential hurdles, Schlossberg makes getting rid of the need for end users to enter passwords sound like an achievable goal. They’re not the only ones working on the problem, which was declared with renewed urgency by Wired’s Mat Honan last year. Apple is doing its part by rolling out TouchID, one of the first biometric security methods to find its way into smartphones. Apple’s fingerprint sensor may reach mass adoption quickly, but may or may not become ubiquitous.
One of the many dreams of Ubuntu’s Edge phone was the ability to have your desktop computer and mobile phone combined into one device. When docked and connected to a monitor, the phone uses a desktop environment. When undocked, it goes back to being your phone and mobile device, letting both environments share data. Such a solution would eliminate the need for cross-device authentication, but with the Edge phone not making its crowdfunding goal, the Ubuntu for Android feature has a bigger hill to climb for general public awareness as part of Ubuntu’s mobile OS.
If Schlossberg and Henderson can pull off what they’re attempting, it will be a win for consumers as much as it will be for them. Ultimately the desire to attack the password problem is adding (some) security in the easiest possible way.