Passwords. If there’s one aspect of our modern techno-centric world that is guaranteed to send people into fits of exasperation, it’s passwords.
They are evil — a necessary evil, but evil nonetheless. That’s because the better (read: stronger) a password is, the harder it is to remember. Each one must be unique — you are using a unique password for every website, aren’t you?
Maybe there’s a better way. That’s the hope of Australian hardware startup GDMDS Pty, which has launched a new Kickstarter project for a device called the Gilmo. It’s a small, touchscreen gadget that lets you input the username and password credentials for up to 200 websites or apps and secures them with AES encryption with a single master password. The entry-level price for a backer to get a Gilmo is $200 AUD.
VentureBeat spoke to GDMDS General Manager Graham MacKellar to learn more about why he thinks people need a Gilmo.
“It was born out of a frustration I’ve had in finding a secure way to hold and yet still have available all of the usernames and passwords that I need,” MacKellar says. “I have a little paranoia about putting this type of data on a connected device […] so the Gilmo was designed to provide people a low-cost and very convenient way to carry those details with them but in a form that couldn’t be remotely accessed.”
If you’re laughing and shaking your head right now at the whole idea of the Gilmo, I share your scorn. But MacKellar might have the last laugh.
According to a 2013 study, nearly 55 percent of us use the same password for all our online accounts. Which is why some security experts have taken the surprising position that it is now better and more secure to write your passwords down on paper (something we were all told not to do, right?) than to use the same password everywhere. Their simple rationale: You can’t hack paper.
According to MacKellar, you can’t hack the Gilmo either. Or at least, it would be no easy feat.
Why? The Gilmo can’t be remotely accessed because it contains no radios at all. No WiFi, no Bluetooth. It does have a micro-USB port, but this is only used for two purposes: Recharging the Gilmo, which gives about a week’s use, and connecting it to the included “Backup Buddy.”
The Backup Buddy is a holster-shaped slide-on accessory that takes a complete copy of the contents of your Gilmo and stores it with the same level of encryption. The only way to retrieve data from the Backup Buddy is to connect a new Gilmo (in the event yours is lost, stolen, or damaged) and enter the same master credentials from your original Gilmo.
So the only way for data to get in or out of the Gilmo is via its tiny, 3.5” resistive touch screen, which the company suggests you operate with a stylus due to its small size.
Even enterprising hackers who may have stolen your Gilmo will have a tough go of getting to your data. Assuming they had the computing power to crack the AES encryption, simply getting to the data would prove tricky. The micro-USB port does not follow a standard wiring scheme, at least as far as data connectivity is concerned, and MacKellar says the Gilmo will not be recognized as an attached device by any computer.
MacKellar is doing his utmost to ensure that the Gilmo meets the highest level of security. In a follow-up email, he told VentureBeat, “I won’t release the Gilmo to production until it has passed independent security testing, and we would be aiming to get FIPS 140 L3 certification. Once acquired, these standards will be published on our website.”
When asked exactly whom the Gilmo is targeted at, MacKellar is broadly optimistic about its appeal. “We’ve identified that almost everybody in society is a person who could use this product,” he declares. “From elderly people who struggle to remember most of these things,” all the way up to Australia’s prime minister (MacKellar is working on an even more secure version of the Gilmo for government and military users).
One thing that has already struck the project’s commenters as odd is the Gilmo’s 200-credential limit. Although each record contains four fields (Title, Username, Password, and Description) and each field can contain 140 characters, it seems an arbitrary and small number. Perhaps, but there is method to MacKellar’s supposed madness.
“We wanted to make sure the device was very quick to respond. We found that when we used memory external to the processor, the unit became slower to respond to searches and retrieving information. So we have the operating system that we’ve developed and all of the records stored in the processor. It means we have to squeeze everything into a smaller amount of memory. We found most people have between 10 and 100 passwords.”
So the Gilmo sounds as though it will do exactly what it promises. It will be a nearly unhackable device that will store up to 200 records for your website credentials in a secure form. But several questions remain.
Will people really be willing to keep a second device with them at all times just so they can have some extra peace of mind? MacKellar believes that when they eventually come to the realization that this data is worth securing, they’ll be willing to make the trade-off.
Why do they need to buy a $200 AUD Gilmo when an old BlackBerry Curve, which can be found on eBay or Craigslist for under $100, could be used with its radios turned off and offer just as much security with greater record-keeping capacity? “That would be a better solution than the way many people do hold passwords,” MacKellar agrees. “But the Gilmo is specifically designed to do the job and is smaller and more convenient and easier to carry around compared to what is essentially another phone.”
So far, whether it’s because crowdfunders don’t see the value in the Gilmo or because they simply haven’t been made aware of it, support for the product has been poor. The project, which launched August 13, has only 15 backers and $2,477 of its $200,000 goal, with 38 days to go.
That doesn’t bode well for the Gilmo, but then again, maybe the crowdfunding community — with its penchant for bleeding-edge tech — isn’t the right audience for the Gilmo.
It may not matter. MacKellar has much bigger plans for the Gilmo.
“We think the mainstream for the products we sell will be the general public. Our long-term intention is that this device will be available everywhere. You’ll be able to find it at Walmart, technology-type chains. … You’ll be able to buy it at a petrol station.”
Hmm. Fill-er up, and why don’t you throw in one of them Gilmos, would ya?
Stranger things have happened.