Most people know that user ID and password authentication is a pretty weak way to secure your accounts. Nok Nok Labs wants to help usher in a new era of fingerprint and multi-factor authentication, and it just landed $8.25 million to grow its cross-platform standard.
Nok Nok Labs is a part of a consortium called Fast Identity Online Alliance (FIDO), which today is unveiling a new standard of strong authentication — one that doesn’t involve a password. Essentially, the organization has created a public road map for how identity authentication should be implemented across platforms, much as Secure Sockets Layer (SSL) did for web communication encryption.
It’s an important project, the significance of which is not lost on major tech companies. Among the alliance’s 150 members are Google, Alipay, Microsoft, Samsung, Lenovo, Qualcomm, and RSA. Of course, a string of authentication companies are involved in the alliance as well, like Yubico, Synaptics, NXP, and Nok Nok Labs.
The project aims to phase out password security altogether in favor of a series of alternative authentication measures, many of which leverage biometric readers — like Apple’s Touch ID. Other forms of authentication include facial scans taken by your phone or computer camera; chip cards and external authenticators; and PIN code entry. From a consumer standpoint, the rollout of FIDO 1.0 means never having to remember a user name and password or futz with a password wallet again.
From an enterprise point of view, the FIDO protocol means fewer opportunities for security breaches. Nok Nok Labs CEO Phil Dunkelberger notes that nine out of 10 breaches result from someone’s credentials being stolen. Those who have watched the breaches from earlier this year will remember that the attack on Home Depot was perpetrated with credentials stolen from an HVAC vendor. Similarly, when hackers broke into the iCloud accounts of celebrities Jennifer Lawrence, Kate Upton, and others, Apple said the breach occurred as a result of targeted attacks on the celebs’ usernames, passwords, and security questions.
Though other companies have tried to solve the password problem, largely through password wallets and two-factor authentication overlays, no single method has gained mass adoption. But an open protocol has the opportunity to change that and be flexible enough to let companies use their own technology rather than rely on a single method of authentication — like the PIN code.
Dunkelberger was one of the earliest members of FIDO, along with six other partners including PayPal and Lenovo.
“It’s an industry movement to allow strong authentication, biometrics, secure PINs, et cetera, to be easily deployed for both ease of use and better security,” Dunkelberger said.
Prior to his involvement with FIDO, he managed open source security protocols as head of PGP Corporation. He cofounded PGP in 2002 and bought the rights to the Pretty Good Privacy code base, which secures online communication by encrypting and decrypting messages sent over the web using a set of public and private keys.
Despite PGP being open source, Dunkelberger was still able to turn a profit on the company by offering enterprise-level services and products based on the original open source code. In 2010, the company was sold to Symantec. Now Dunkelberger is preparing to do the same thing with FIDO’s public authentication protocol, which he says Nok Nok contributed code to.
“We were the first guys, we pretty much invented it and then we built it, then we took those core patents and we donated them,” he said.
The company plans to provide services that FIDO doesn’t give specifications for, like how to build an interface on backend servers to support FIDO or how to build a FIDO-specific management server. The new round of funding will help facilitate the rollout of many of Nok Nok’s new authentication tools.
This is the company’s third round of funding, but it is not a final close; Nok Nok is still accepting participants in its Series C. To date the company has raised $40 million.