E-commerce companies, social networks, big banks, and other businesses with millions of online customers have to maintain an array of expensive servers to store passwords and usernames. Leaving all of that sensitive information in a central location can make it a tempting target for hackers.
Instead of storing sensitive information on company servers, software engineer Ramesh Kesanupalli says: Why not get rid of usernames and passwords and store login data on customers’ PCs, smartphones, or tablets? His startup, Nok Nok Labs, has designed software that lets users record their biometric data—voice, facial features, or fingerprints—on their personal gadgets. That’s a far more secure entry key than a username and alphanumeric password. When the user provides a valid match, her device connects securely to the desired website. For hackers looking to compromise that system, “they would need to steal your device, and your finger and your eye,” Kesanupalli says. “That’s not a scalable attack.”
Kesanupalli, 47, grew up near Hyderabad in southern India, a middle-class kid whose parents encouraged him to become a doctor or an engineer. “I wasn’t into biology,” he says, so he earned bachelor’s degrees in physics and electronics engineering at Nagarjuna University and the Madras Institute of Technology. He started out at the Indian conglomerate Tata, coding software to direct the guns on tanks, then in 1989 moved to the U.S. to become a data-security consultant for IBM.
Kesanupalli later helped found two startups, a wireless software firm sold to Harris Corp. and an early video-streaming developer that was sold to Akamai Technologies. In 2006 he became chief technology officer of fingerprint-sensor maker Validity Sensors and began laying the groundwork for the Fast ID Online Alliance, a security software consortium interested in replacing conventional passwords. “I knew the password had to go,” he says.
The engineer began trying to get rid of alphanumeric passwords in 2009. (He threw himself into the work after his wife died from cancer in 2010, soon after the birth of their daughter.) Nok Nok has raised $15 million from investors such as Onset Ventures and DCM, and the company’s patented software will be tested in 3 million devices this year, thanks partly to Fast ID partners including Lenovo, PayPal, and chipmaker NXP Semiconductors.
“We are extremely keen on the technology,” says PayPal Chief Information Security Officer Michael Barrett. Besides streamlining and improving security, Barrett says, biometrics will likely improve customer service: He estimates that 35 percent of his company’s help-desk calls involve password resets. Jon Oltsik, an analyst at information technology consultant Enterprise Strategy Group, says, “This has some exciting potential. The world is looking for something like this.”