Passwords are notoriously insecure. You can greatly increase security by adding two-factor authentication, but making people check their phones for a secret code is annoying.
Toopher offers a clever alternative: two-factor authentication that doesn’t require you to take your phone out of your pocket. Instead, Toopher uses your phone’s GPS capabilities to check your location and verify that it’s really you in front of the keyboard. Who’s the market? Everyone. Toopher, which presented at the DEMO Spring 2012 conference today in Santa Clara, Calif., showed off its wall of shame. That is, a list of user names and passwords of everyone at the conference. Obviously, we need help.
“Your entire life is online — financial information, medical records, secure documents — hell, your entire reputation just sits behind a password, and that’s terrifying if you know how weak passwords, or even layers of passwords are,” said cofounder and chief executive Josh Alexander (pictured, right) in an email to VentureBeat. “And yet even though we have these incredible vulnerabilities, only a handful of enterprises and websites offer options to improve security through two-factor authentication.”
That’s Alexander in the photo at the top of this story, smashing a pile of RSA SecureID tokens onstage at DEMO Spring 2012, where the company debuted its app.
It works like this: You install the Toopher app on your phone (currently it’s Android-only, but the developers say they’ll have an iOS version “imminently,” with BlackBerry and Windows Phone apps to come later). Then, the first time you log on to a Toopher-enabled website from a specific location — say, your desk at work — the app will prompt you to verify your identity. If you confirm your identity with the app and enter the correct password on the website, you’re in like Flynn. (Gmail optionally offers a similar two-step verification, except it uses SMS text messaging to confirm your identity.)
Here’s where it gets clever, though: if you specify a location in Toopher, the app will remember it. After that, every Toopher authentication from the same location will be automated, so you don’t have to pull the phone out of your pocket. It simply checks your location, and if you’re where you’re supposed to be, it accepts the login.
“When users log in, they shouldn’t have to pull anything important out of their pants,” said Alexander. “Toopher knows this, therefore users get incredible security and incredible convenience.”
Toopher competes with a host of other companies offering two-factor authentication, including RSA, Entrust, and PhoneFactor. Two-factor authentication is increasingly a hot topic, because financial regulators now require banks to use it to verify web customers, although most banks have not utilized smartphones as the second factor. (If you’ve ever seen those two-page login procedures where you have to verify an image and a passphrase, then enter your password, you’ve seen a kind of two-factor authentication.) As hackers get ever more sophisticated about cracking passwords, the need for additional layers of security will grow. The trick is to keep these layers from becoming too onerous.
Alexander said that the response to his company’s product has been positive, even though it has not yet launched. “Everyone to whom we’ve pitched Toopher has opted in, and we’ve secured a handful of paying customers and built a pipeline pre-launch,” Alexander said.
Toopher is a four-person startup that was founded in Austin, Tex. in 2011. It is self-funded by its four founders, including Alexander, chief technical officer Evan Grim (pictured, left), chief financial officer Dave Dunham, and strategic/legal advisor Brian Philpott. These four have deep connections: Dunham and Philpott have been friends since age 3, Alexander and Dunham were best friends in grad school, and Alexander and Grim were in several bands together in high school and college, and were the runners-up in the Tom Clark High School Talent Show in 1999.
Toopher is one of 80 companies chosen by VentureBeat to launch at the DEMO Spring 2012 event taking place this week in Silicon Valley. After we make our selections, the chosen companies pay a fee to present. Our coverage of them remains objective.
Founder photos courtesy Toopher, first image via Heather Kelly.
VB's research team is studying web-personalization... Chime in here, and we’ll share the results.