Authentication is Broken, Here’s How Token Fixes It (In Simple Terms)
In the past few years, Target got hacked, exposing 40 million credit card accounts, Yahoo was hit, leading to 1 billion accounts being compromised, and Sony Pictures was struck, exposing emails and information that embarrassed executives and caused tens of millions of dollars in damage.
These events, and the many other hacks of our personal data, paint a picture of one overarching state of affairs: our identities are not as safe as they should be. It’s an enormous problem that got worse in 2016, and if it somehow hasn’t affected you, there’s unfortunately a good chance that it will — if we don’t all start to do something about it.
This is why we made Token. We believe it’s time all of us are given a reasonable solution to protect our identity and the tools we use to prove that identity — including passwords and credit card numbers.
Just how does this one ring, which lets you log on to your computer and online accounts, make payments, and even replace your car keys, enhance your digital security? It’s the combination of these three big breakthroughs that have come together for the first time:
- You will no longer be sharing your credentials with anyone (they stay with you, and can be verified without having to be shared).
- Your credentials can only be used by you (they’re unique to you, and can only be used by you).
- Using your credentials to prove your identity takes only seconds
Now, it’s time to understand — in simple terms! — just how Token works to make these three innovations a reality.
You No Longer Share Your Credentials
In today’s world, we share our passwords and credit card numbers with a long list of websites, merchants and devices. These “secrets,” as you know, are anything but secret. They live in one central place — on the server of a merchant or website, so they’re located in an information-rich treasure-trove that is filled with valuable data (your data), making it a one-stop shop for hackers. The very existence of these treasure-troves — be it with Yahoo, Target or Arby’s — has led to great danger because one breach can lead to the takedown of the entire network and the theft of millions of passwords or social security numbers.
There is one other big security risk we all face: every time you share your credit card number, swipe that card through a terminal, or type in your password, there is a chance it can be stolen in the transaction. Take, for example, the scandal where millions of credit card numbers were copied with malware at Chipotle restaurants, or think of skimming operations that gather pin numbers and credit card information from ATM machines.
Token, on the other hand, never shares your private information, or uses information in a form that could be shared. With Token, you are able to log in and pay wherever you choose even as your passwords and credit card numbers never leave the ring itself; they’re always stored in a secure element (the same technology that’s used in credit card chips).
Here’s how a typical log-in works: when you sign on to a website, think of the interaction as a blind handshake. The website asks you to verify your identity by sending you what’s called a “challenge”. Your Token signs that challenge with a unique key, and then the website knows that the challenge has been signed using your key. However, that unique key is never known to the website. And this whole sign-on process will be super quick — it just takes a double knock on your laptop.
Your Credentials Can Only Be Used By You
Currently, if someone steals your credit card or gets access to your passwords, they can do a lot of damage, particularly since most of us use the same few passwords across multiple sites. Token solves this with two pieces of technology: a proximity sensor and a fingerprint sensor.
When you put Token on your finger, it scans your fingerprint. Then — and only then — will the ring be activated. If you decide to remove your ring (after you get home from work, for instance), the proximity sensor sends a signal to deactivate the ring. The result is that, although someone could physically steal your ring, they can’t steal your credentials. The data within the ring becomes completely useless to anyone other than you.
What’s more, a stranger couldn’t gain access to your information stored within the ring because the secure element itself is ironclad. It’s not the kind of hardware you could break into and make any use of. In fact, if the secure element is tampered with, it essentially self-destructs and it’s rendered useless.
Using Your Credentials To Prove Your Identity Takes Only Seconds
These days, all of us are spending far too much time trying to remember passwords. Then, once we’ve forgotten one for good, we waste time entering credentials to try to convince a website it’s really us. We also spend time whipping out credit cards, and, if you’ve ever been the victim of a security breach or lost your credit card, you know the process of rectifying that situation can be a logistical nightmare.
With Token, you won’t need to enter passwords anymore — and that’s true across the entire digital landscape. When you open your PC or Mac, knock Token twice and you’re in. And, once you’re using Chrome, Firefox or any number of other browsers, you’ll receive a prompt to sign-in, knock twice, and voila, you are in. This all means no more racking your brain for one of the dozens of passwords you may use, no more trying to remember your third-grade teacher’s name or your dad’s hometown, and no more entering long alphanumeric codes that have been texted to you.
And when it comes to credit cards, you will no longer have to insert your card and wait for the chip to be read or swipe your plastic and see that the terminal failed to read it. Instead, just hold your Token over a mobile payment reader or credit card terminal, and after a couple of seconds, see that you’re approved to stroll out with your groceries in tow.
Overall, our standard is that you’ll be able to prove your identity or pay for a product or service in one or two seconds — basically, quicker than what you’re currently doing.
A Secure Digital Future Requires Usability To Be A Priority
We believe Token is a big step toward a more secure world where you can easily authenticate yourself in your ever-growing digital life. It is not, however, the final step towards fully protecting your identity. Passwords will still exist (unfortunately) and so will credit card numbers, so there will still be opportunities for hackers and thieves to take advantage of us.
However, if you’re using Token, those opportunities will not only be vastly decreased, but you will also help set the stage for a much safer digital future: one where identity fraud doesn’t exist — because if your identity can’t be stolen, it can’t be impersonated. As more people adopt Token, the more powerful our argument becomes that we have no need for the broken and unsafe way we currently authenticate ourselves — by typing in passwords and paying with plastic.
We aspire to be digitally-inclusive without compromise, to be compatible with the growing ecosystem, and to let the consumer’s voice be the loudest and most influential in our product design. If we’re successful in accomplishing these things, the internet will be a more secure place for all of us.
In the coming months, we’ll be announcing opportunities for our community to partake in the discussion in meaningful ways. Sign up for our newsletter if you’d like to be alerted of ways you can get involved and help us build a more secure digital future.