LaunchKey aims to secure your accounts online while abolishing passwords. For websites that have a LaunchKey login, you just enter your email, click the LaunchKey button, and get a notification sent to your phone. From there, you can approve or block the login – a similar idea to Google’s two-step verification. It takes a tad longer than entering a password, but aims to be many tads more secure.
“We have to move past and evolve past this juvenile system of passwords,” says cofounder and CEO Geoff Sanders, who cofounded the company with Devin Egan and Yo Sub Kwon. “I think I used passcodes to let people into my treehouse when I was a kid, and we still do the same thing to allow people to sign into secure systems around the world.”
LaunchKey is currently in private beta, working with a limited number of users and websites. Conceived at Startup Weekend in July, they plan to launch publicly in March and open up their software for any website to add LaunchKey logins. They will use today’s funding to hire iOS and Android developers, and find office space in Las Vegas.
A slew of recent events have highlighted the vulnerability of passwords. Some LinkedIn passwords were compromised in June. Thousands of Yahoo! passwords were hacked in July. Wired author Mat Honan had his Apple, Twitter, and Gmail accounts hacked in August, and the hackers deleted all the documents, messages, and photos from his Apple devices. After that incident, he wrote a piece on Wired called “Kill the Password: Why a String of Characters Can’t Protect Us Anymore.”
The problem with a string of characters, says Sanders – besides being hackable – is that you enter it elsewhere, on a website on the Internet. What that means is, as with door codes on cars, someone could be trying to break in without you knowing. LaunchKey solves that problem by notifying you of login attempts in real time.
For added layers of protection, you can use “geo-fencing” to mark off a certain radius where you’ll be logging in from (say, your home or work or city), and prevent anyone outside that radius from getting in. You can also “lock” your account, so no logins can occur – say, when you’re sleeping or on vacation. And LaunchKey displays a list of all the accounts you’re currently logged into, and lets you log out of them all at once.
LaunchKey itself requires no password; it links to your device when you download the app. If you happen to lose your phone, you can de-link it from your account using another device. All these measures try to increase security to a maximum, so LaunchKey could be feasible for corporations and government. In fact, it was the government that inspired the name: for security, two people were required to turn “launch keys” simultaneously to launch a nuclear weapon. It’s a fitting inspiration after a year of privacy scares and password leaks.