Passwords are so passé. At least, on their own, ever since Matt Honan had his “digital life destroyed” last year due to what he called Apple, Google, and Amazon security flaws.
But a startup that just graduated from FounderFuel in Montreal might have the answer: free two-factor authentication for any business or website — no strings attached.
Pretty much, Honan was right. Apple tech support gave hackers access to his iCloud account, and Amazon showed the hackers part of his credit card number, leading to a catastrophic chain of events culminating in his iPhone, iPad, and MacBook being wiped, Google account deleted, and Twitter account taken over.
All because Google didn’t implement two-factor authentication.
Two-factor authentication approaches the question of online identity with more than just what you know (a username and password), adding what you have. For example, a dongle, a software token, or, more commonly today, a phone number. And all the major tech companies have since added two-factor authentication, which you engage in whenever Twitter or Facebook or Google asks you to input a mobile phone number, sends you an SMS with a code, and then asks you to tell them that code on their website.
It is an order of magnitude more secure than simply usernames and passwords. But it’s not cheap, or easy to implement.
Enter Swift Identity.
“Write 10 lines of code and you’ll have two-factor authentication on your site,” CEO Robert Masse told me a few days ago in Montreal. “You still own the customer, and it’s completely free.”
Building your own two-factor authentication system could take weeks or months and have significant set-up and maintenance costs, Masse says. Swift Identity offers it for free via a software-as-a-service offering, basically as a entry-point to the company’s other related products.
“We’re also a complete ID management solution with over 80 API calls,” Masse says. “We manage all the authentication processes you need for users: provisioning, a management console that shows what people are doing and where … it’s a full user management platform.”
It’s the services Swift Identity has built around that user management platform — logs, SMS capability, autolocks, compliance modules, integrations, single-sign on, reporting — that have dollar signs on them.
Yup, the first hit is always free.
But it is an impressive offering from a team with impressive security credentials. Masse himself has worked for banks, governments, aerospace companies, and the military in security, and his cofounders have similar backgrounds. Masse was also once a teenage hacker cracking into systems, so he knows how the bad guys think.
And there are plenty of willing customers (“sales will handle themselves” Masse says) who are already implementing costly programs for being sure that customer Jones is, in fact, Jones. Online gambling companies like Poker Stars, for example, charge their users for two-factor authentication that involves an actual, physical token, a dongle that you attach to your PC. Old school, but it works, I suppose.
Swift Identity wants to sweep all that aside.
“Offering two-factor authentication for free is our entry,” Masses says. “No one offers it for free.”
Perhaps not exactly the way that Swift Identity offers it, but at least one company, Wright CCS, offers two-factor authentication services for Citrix and Radius platforms for free. And there are at least two open source projects offering two-factor authentication: Dynalogin, and Wikid.
“We’ve been doing this for a year now and have deployments in multiple continents, multinational companies, the NHS,” Steven Wright told me via email.
That’s a more limited solution, however, for a limited set of platforms. Swift Identity offers two-factor for any website.
VB’s research team is studying mobile user acquisition... Chime in here, and we’ll share the results.