
LaunchKey: Anonymous Multi-Factor Authentication Platform - nreece
https://launchkey.com/
======
cryptolect
I don't like the amount of permissions their mobile (Android) app requires:

* storage - modify or delete contents of usb storage

* location ?

* your applications information ?

* bluetooth settings ?

* network communication - full network access

* system tools - test access to protected storage ??

* network communication - view network connections

* your accounts - find accounts on the device, read Google service configuration ??

* affects battery - control vibration, prevent phone from sleeping

So I'm interested, but it seems like it needs way more access than the app
should require. Until they cut down on the permission requirements, I'll be
avoiding it.

~~~
jchysk
Storage: your settings Location: Geo-fencing capabilities if you want to lock
to specific geographical coordinates. Your applications information - ???
Bluetooth settings - For device factor if you want to restrict authentication
when in Bluetooth range or a paired device. System tools - test access to
protected storage - Private keys and information that identify your device
need to be protected as best they can be. Your accounts - read Google service
configuration - I don't know, is this just some kind of regular permission?

------
pedalpete
This sounds fantastic, and my first reaction was "don't I need a password on
LaunchKey in order to unpair my device?" So I checked it out, and they only
use your username and e-mail.

Unfortunately, I can't download the app for WP7, so can't check for myself how
it works, but my next step is to wonder if I can take somebodies phone, which
has their e-mail, unpair their devices and change the notification e-mail
address?

Either way, I'm really excited about the potential of this. Oh, and absolutely
LOVE your logo.

~~~
geoffsanders
Hey pedalpete, unfortunately we don't support legacy Windows Phone yet, but we
do support Windows Phone 8+.

As for your question regarding a stolen phone, in addition to built-in device
security (such as a PIN lock or remote wipe) we've provided a number of
features that should help users in such a situation: First, the LaunchKey
mobile app comes with two in-app knowledge factors (a numberless combo lock
and a standard PIN lock) that can be enabled to prevent access to the
LaunchKey app itself. Second, a user can enable geofencing or add a Bluetooth
factor to prevent the device from authorizing outside specific geographical
zones or when unconnected to specified Bluetooth devices (a FitBit, iBeacon,
etc.).

While in theory an attacker could disable these services within the app, we've
assigned 60 minute delays to creating or removing geo-fences and Bluetooth
device factors. The idea being that you should realize your phone/device is
gone within an hour, and within that time you can use our third protection:
remotely unpair a device via the LaunchKey website or via another paired
device, thus disabling that device.

Thanks for your feedback and please let us know if you have any other
questions or comments!

(disclosure: I'm a co-founder of LaunchKey)

