In March, more than 41 million users of the note-taking software Evernote were instructed to change their passwords because the company had detected hackers attempting to break into its network. It was the latest in a series of high-profile attacks.
No wonder website administrators hate passwords. So do users, weary of inventing yet another unique, non-dictionary password combining upper and lower case letters, numbers, and special characters. LaunchKey replaces all that with a smartphone app, letting users sign into a site with a username alone. The software sends a signal to the user’s smartphone and he or she completes the sign-in by swiping the smartphone screen.
The service is launching at just the right time because passwords won’t work much longer, says Rick Duggan, director of website systems at Zappos.com and a LaunchKey adviser. "As computing gets faster, hackers will be able to crunch through passwords and figure out what they are [by trying every possible character combination]," he says. "We’re getting to the point where we’re not going to be able to outrun that anymore."
The idea for LaunchKey comes from Geoff Sanders, 28, whose varied past includes a stint in the Air Force, five years of touring as a drummer in a rock band, and appearing as a photographer on the reality TV series Playboy Shootout. "While my life story has been all over the board I've always been involved in tech," he explains. He adds that he studied electrical engineering in college before dropping out to build websites full time.
Sanders, along with co-founders Devin Egan, 31, and Yo Sub Kwon, 26, won first place and best design with the LaunchKey concept at the Startup Weekend Las Vegas competition in July 2012. That same week, hackers had posted nearly half a million Yahoo passwords online. The team also got $750,000 in start-up funds from Vegas Tech Fund, founded by Tony Hsieh and other Zappos.com execs.
Seven months later, the LaunchKey app is available free in the Apple App Store, with an Android version coming soon. And on May 31, LaunchKey’s API (application programming interface) will be made public, allowing Web developers everywhere to incorporate LaunchKey into their sites for free. The company hopes to raise another $2 million in funding this year and eventually monetize the service by selling a higher-end version to large organizations.
But first, LaunchKey needs to become a standard for passwordless authentication, which means it must continue to move fast, since Google, for one, is reportedly testing a passwordless USB device. Despite the competition, Duggan believes LaunchKey will end up with "a significant portion of the space."
"The main thing about LaunchKey is the simplicity of it," he says. Some smartphone-based solutions send a code to the phone that the user must type in, he notes. "LaunchKey’s improvement is they realized that you have the phone, so they send you a message that you can acknowledge with a swipe. If someone else is trying to sign into your account, you’ll know that too."
"What we’re doing with LaunchKey is drastically needed," Sanders says. And it’s not for websites alone, he adds--it can work with anything that connects to the Internet. "In theory, you could someday start a car with LaunchKey."