

Show HN: Developers, Kill Passwords today with LaunchKey. - devinegan
https://blog.launchkey.com/2013/07/01/public-beta-launch/
The LaunchKey API has moved to Public Beta and the team formally invites Developers to begin implementing LaunchKey on your systems and projects.<p>LaunchKey eliminates passwords by providing physical authentication through the devices you  already own.
======
jayfuerstenberg
Possession of an iPhone or other device as a system of authentication is
actually less secure than even a fingerprint which at least takes some degree
of skill and tools to lift off of a surface.

Sorry but the core of your idea is not a solid foundation upon which the rest
of it should stand. You've obviously done a great deal of work and it "looks
nice" so it hurts me to tell you this.

You've basically re-invented the Japanese INKAN...

[https://en.wikipedia.org/wiki/Inkan#Japanese_usage](https://en.wikipedia.org/wiki/Inkan#Japanese_usage)

Passwords, as painful as they are, work because they are secrets.

Fingerprints, eye scans, vein prints, voice patterns etc... are not secrets
and can be/are replicated anytime.

Possession is just another form of a non-secret and between the moment your
device is stolen and the moment you report the fact there is a window for
abuse.

Passwords don't permit such abuses.

I hope my feedback will be constructive for you.

~~~
devinegan
Thank you for your feedback. We certainly seem to disagree about the security
of passwords in general.

With that said, our system supports far more than a possession factor.
LaunchKey has a Pin and/or Digital Combo lock (your secret) on the app level
for a knowledge factor and Geo-fencing available for an inherent factor.
Combine these factors with possession and you have a very secure system.
Reliable bio-metric factors could certainly be implemented in the future as
well.

As you said Passwords are painful, especially when we don't know them any more
and pass them off to a third party application. The explosion of Password
Managers such as your own indicate that users are expected to carry the
burden. There has to be a better experience and solution for consumers and
systems alike.

~~~
jayfuerstenberg
Well, possession might work better if it were a chip you'd implant in your
body. Then at least it wouldn't be prone to theft.

You'd just need to convince people to implant something in their bodies.

In any case, you're free to your opinions and the market is the ultimate
decider of what floats and what sinks. Good luck to you and your project!

~~~
tux1968
Presumably you'll know if your phone has gone missing and can then deactivate
it as an authentication token long before someone could combine it with
guessing your PIN. There has been a secure token business operating for years
without a major problem due to token loss. Migration to using your phone
instead of a separate token is a natural transition and doesn't change the
fundamentals much.

------
nsm
How does this work if I don't have a smartphone?

~~~
devinegan
Currently we are supporting iOS and Android ecosystems. This includes Tablets
and Phones. We will have apps available for a wider variety of devices
(Windows Phone, PC, Mac, etc) in the near future if you device isn't currently
supported.

