Solving the password security problem — passQi is like speed dial for your online authentication
Fledgling Santa Cruz startup passQi LLC (“pass-key”) is poised to launch its new iPhone identity tool.
The iPhone is a natural platform for the user to come to grips with the thorny problem of managing many online accounts, but the current solutions have either been glorified contact applications with a lock, or new technologies that require a critical mass of web sites to support them before they have any real relevancy.
passQi solves this by pairing a browser-side bookmarklet with an iPhone app: the bookmarklet generates a QR Code, the app scans it to securely connect the phone to the browser, and the stored password is then automatically injected into the user’s browser.
The net effect is that a user simply has to click the bookmarklet and scan with their iPhone’s camera directly into the app. While the passwords are different, the user experience is the same – simply click and scan.
passQi’s founder, David Eyes, is a longtime Santa Cruz resident whose career stints include Apple Computer and Santa Cruz Operation, as well as many years in the Enterprise Identity Management and Consumer Loyalty space. Eyes describes passQi as “The Single Identity Experience,” emphasizing that it delivers the “experience users want, while making sense of what is the fragmented world of online identity.”
According to Eyes, “the problem of managing multiple accounts securely becomes a strength with a tool like passQi. Because users never have to type their passwords, they can store cryptographically dense passwords, have different passwords for each site, and never have to remember them. It’s like having speed dial for your online authentication.”
Eyes stresses that passQi does not provide a “single identity” and doesn’t believe that such a thing is possible or desirable. “Web properties retain ownership and control of their users. Plus, no modification of the site login is necessary for users to immediately begin to get benefit on virtually any site that has a conventionally designed login form.”
According to Eyes, there is a way that security-minded web properties can take advantage of passQi. Each time a user logs in with passQi, a “two factor authentication cookie” is automatically passed to the site. Sites that register with passQi can then provide their users the option of requiring passQi to authenticate, that is, to provide both the usual username and password, and the second token that asserts that the authentication has been facilitated by passQi, and demonstrates that the authenticating user is in possession of their iPhone. “This kind of solution could have secured any of the 2 million Adobe passwords that were recently compromised,” says Eyes.
Eyes considers his design philosophy to be “anti-cloud” in the sense that there is no storage of any user information. The passwords are stored only on the iPhone, and securely relayed through the cloud encrypted by a one-time 256-bit AES encryption key, which was generated in the user’s browser and transmitted “out of band” from the internet, by being scanned optically into the phone.
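The flow described above can be sketched as follows. This is an added example, not passQi's code: it simulates the browser, phone and relay in one Node.js process, with `node:crypto` standing in for the browser's crypto. The AES-GCM mode, the JSON layout of the QR payload, the in-memory relay and all function names are assumptions.

```javascript
// Added example: browser, phone and relay simulated in one Node.js process.
const crypto = require('node:crypto');

// Browser: fresh session id and one-time 256-bit key. Both go into the QR code,
// so the key reaches the phone through the camera and never over the network.
function newSession() {
  const sessionId = crypto.randomBytes(16).toString('hex');
  const key = crypto.randomBytes(32);
  const qrPayload = JSON.stringify({ s: sessionId, k: key.toString('base64') });
  return { sessionId, key, qrPayload };
}

// Phone: parse the scanned payload and encrypt the stored credential.
// The session id is bound in as associated data (GCM is an assumed mode).
function phoneEncrypt(qrPayload, credential) {
  const { s, k } = JSON.parse(qrPayload);
  const key = Buffer.from(k, 'base64');
  if (key.length !== 32) throw new Error('expected a 256-bit key');
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(s, 'utf8'));
  const body = Buffer.concat([cipher.update(JSON.stringify(credential), 'utf8'), cipher.final()]);
  return { sessionId: s, iv: iv.toString('base64'), ct: body.toString('base64'),
           tag: cipher.getAuthTag().toString('base64') };
}

// Relay: holds one opaque message per session id and releases it once.
const relay = new Map();
function relayPut(msg) { relay.set(msg.sessionId, msg); }
function relayTake(sessionId) {
  const msg = relay.get(sessionId);
  relay.delete(sessionId);
  return msg;
}

// Browser: decrypt with the key it kept; final() throws if the ciphertext,
// tag or session id was altered in transit.
function browserDecrypt(session, msg) {
  const d = crypto.createDecipheriv('aes-256-gcm', session.key, Buffer.from(msg.iv, 'base64'));
  d.setAAD(Buffer.from(session.sessionId, 'utf8'));
  d.setAuthTag(Buffer.from(msg.tag, 'base64'));
  const plain = Buffer.concat([d.update(Buffer.from(msg.ct, 'base64')), d.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Constructed sample credential, round-tripped through the relay.
const demo = newSession();
relayPut(phoneEncrypt(demo.qrPayload, { username: 'alice', password: 'c0rrect-horse!' }));
console.log(browserDecrypt(demo, relayTake(demo.sessionId)));
```

The relay only ever holds the session id, IV, ciphertext and tag, so a compromise of the relay alone does not expose the password; anyone who can see the QR code on screen, however, holds the key.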
Meanwhile, the application provides back-up to Dropbox of encrypted passwords (in a flat text file) and the ability (in addition to the facilities provided by Apple) to remotely delete the password files if your phone gets lost, either by dialing a phone number or on the passQi web site.
Naturally, Eyes is shooting for broad adoption. The core application will be free, with monetization sought in web two-factor authentication, enterprise identity management solutions, and commerce and marketing capabilities that the core technology can additionally support. Eyes says he is actively seeking debt round funding to ensure user traction and develop revenue streams, and bring the company to a valuation round.
For more information, contact David Eyes at email@example.com.
Producer, editor, curator
Santa Cruz Tech Beat – a news digest for folks who want to know and share what’s up in the Santa Cruz technology community.
Sara Isenberg curates and publishes Santa Cruz Tech Beat for the benefit of the extended business and technology community. When she is not volunteering her time for the tech scene, Sara makes her living by managing software projects, web strategy planning, and providing development team services (including account management, vendor management, strategic partner management, beta project management, referrals to qualified technical team members, and more). Please visit http://saraisenberg.com or contact Sara by email at firstname.lastname@example.org if you have any project management, account management, or Development Team leadership or service needs.