The cool new Internet ideas of yesteryear often create the headaches of today, and some startups at the Demo conference are starting to try to solve those problems.
Young companies at this week's edition of Demo will be pitching a service to secure online transactions, a way to wipe objectionable entries from Facebook profiles, and a tool to simplify terms of service for both developers and consumers.
One of the most common ways to supplement password protection for access to enterprise resources or online services is two-factor authentication. Typically, this involves a constantly changing code that is delivered through a dedicated card, a numeric display on a credit card, or a mobile app. Users have to enter both a password they know and the current code from the device they're carrying in order to get onto a corporate VPN or a banking website.
When Toopher CEO Josh Alexander looked at this system, he saw high cost and inconvenience. The worst of it is, it forces users to take something out of their pockets in order to prove their identity to a website, he said. So, in place of a real-time code, Toopher uses the customer's current location, continuously transmitted by their mobile phone. The company's slogan is "Keep it in your pants."
Eliminating the need for tokens will make Toopher a more viable option for consumer services, which have largely rejected two-factor authentication, Alexander said. "Amazon's not going to pay $40 per year for each user to have a secure token," he said.
With Toopher, users download a smartphone app and register one or more locations as places where they typically do online transactions. The PCs or tablets they regularly use to access the online service also are identified, through cookies or other mechanisms. (Developers of smartphone apps can also set up Toopher to provide two-factor authentication right on their users' phones.) The assumption behind Toopher is that most consumers carry their phones with them everywhere, and criminals are unlikely to try an unauthorized login from the consumer's own computer while near their phone, in their home or office.
If a user registers her home as an authorized location, for example, then the website's authentication system will check the location of her phone after she enters her password. The location data never leaves the phone. If the phone isn't in her home at that time, she will get a prompt on her phone to manually grant or deny the login request, Alexander said. If the phone says it's in one of the authorized locations, the authentication works without the phone even being turned on.
The key to Toopher is that this doesn't require much effort. Though two-factor authentication with changing codes is fairly secure, no one likes to take out another device and copy a number from it, he said.
But Toopher can even be more secure than a real-time password in some cases, according to Alexander. For example, Toopher can re-authenticate users after login, every time they try to take an important action. This prevents hackers from taking over the session right after the user logs in, he said. Also, by setting a virtual boundary around authorized locations, the user can prevent improper transactions just by walking away from the computer. Rather than waiting for a predefined time before automatically logging the user off, Toopher does it when they leave.
The service can also be gated by time of day. For periods when a user normally wouldn't carry out a transaction, such as at night, he can make it impossible to authorize logins except by responding to a prompt on the phone to grant or deny the login request.
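The phone-side decision described above (registered locations, recognized computers, time-of-day gating, and re-checks after login), sketched as an added example; this is not Toopher's code. The circular geofence, all class and function names, the 23:00 to 06:00 window, and the rule that an unrecognized computer falls back to the prompt are assumptions.

```python
import math
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Geofence:  # hypothetical model: a registered location as a circle
    lat: float
    lon: float
    radius_m: float

@dataclass(frozen=True)
class PhonePolicy:  # hypothetical state, kept on the phone only
    fences: tuple
    known_terminals: frozenset
    quiet_start: time = time(23, 0)  # constructed "night" window
    quiet_end: time = time(6, 0)

def distance_m(lat1, lon1, lat2, lon2):
    """Haversine great-circle distance in metres."""
    r = 6371000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))

def in_quiet_hours(policy, now):
    s, e = policy.quiet_start, policy.quiet_end
    # The window may wrap past midnight (23:00 -> 06:00).
    return (s <= now < e) if s <= e else (now >= s or now < e)

def inside_any_fence(policy, lat, lon):
    return any(distance_m(lat, lon, f.lat, f.lon) <= f.radius_m for f in policy.fences)

def decide(policy, terminal_id, lat, lon, now):
    """Return 'approve' or 'prompt'; only this verdict leaves the phone, not lat/lon."""
    if in_quiet_hours(policy, now):
        return "prompt"  # time-of-day gate: always ask the user
    if terminal_id not in policy.known_terminals:
        return "prompt"  # assumption: unrecognized computer -> manual grant/deny
    return "approve" if inside_any_fence(policy, lat, lon) else "prompt"

def still_authorized(policy, lat, lon):
    """Re-check after login: False once the phone has left every registered location."""
    return inside_any_fence(policy, lat, lon)

# Constructed sample data, not taken from the article.
HOME = Geofence(30.2672, -97.7431, 100.0)
POLICY = PhonePolicy(fences=(HOME,), known_terminals=frozenset({"home-pc"}))
```

Every path that is not an automatic approval ends in the manual grant-or-deny prompt, so a missing location fix or an unknown computer never silently approves a login.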
Alexander, who is a financial manager and a risk management professor, and his three partners in the venture have funded Toopher entirely by themselves. Toopher is available now in private beta. It will be offered on a SaaS (software-as-a-service) model, using licenses based on the number of authentications a customer needs to carry out at peak hours. For small organizations with fewer than 500 customers, Toopher is free.
The software is available for Android now and will be out for Apple iOS soon, Alexander said. Toopher is also looking at other smartphone OSes for future deployments, he said.
If the eyes are the window to the soul, the Facebook profile sometimes looks like the doggy door. In the heat of status updates and comments, what appears on your profile doesn't always present your best side. NetworkClean says it can spruce up your image through a network-based service that searches text and flags potentially offensive or embarrassing words and phrases.
Even if employers requesting job applicants' Facebook logins is not as common as it seemed during a recent controversy, individuals' profiles on the site can affect their professional prospects if they're visible to the public. And companies, celebrities and just about anyone else with a brand now use a Facebook fan page to support it. NetworkClean CEO Kishore Mamillapalli co-founded the self-funded company with COO Doug Haustein to make it easier to know and control what's in your profile.