As someone with limited patience for login screens and a seemingly endless supply of individual accounts to log into every once in a while, I’m pretty much over passwords. Flat out done with them. As an inherently efficient (elegant masking term for ‘lazy’) person, I’m not the type to create the most complex password for each of my online services. Surely many of you will say that password manager solutions exist, namely LastPass – which is a pretty good product – but they only mask the hassle of keeping up with each account’s credentials. Even if you do take the time to craft the most obscure, secure, anti-h4x0r passwords for your accounts, that’s no guarantee of their safety.
Why the dislike for passwords?
In a single account use case, the typical username/email and password combination works to an extent. That’s why that method got adopted in the first place. A user just needs to know their username/password credentials and they’re granted access to their online account with a service. In 2013, however, one has many online accounts, with varying authentication credentials. Some use your email as your username. Some allow you to use a moniker of your creation…if it’s available. Then there’s choosing a password for each of these services, in addition to the usernames, which tend to vary. Each site’s password requirements vary greatly, from length (4-6 character minimum) to composition (a capital letter, a digit, a non-alphanumeric character, a drop of blood, 1 argyle vest, etc…). This is where things get horribly messy. Off the top of my head, here are a few accounts for which I have separate authentication credentials:
- this blog site/server
- personal email
- work email
- social accounts (multiple)
- banking accounts
Not fun. As mentioned earlier, password managers are a welcome layer on top of passwords to aid users, but that really only helps where the manager is available on your own devices. What happens when you trust that password manager 100% and choose not to remember your password for any of your services? Let’s say you visit a friend’s place and want to log into one of those accounts. How would you do that if they didn’t have the manager you use installed and you didn’t remember the account’s password? Adding a layer on top of the process doesn’t remove the annoying process itself. This is where LaunchKey comes in.
Enter LaunchKey’s noteworthy approach to user authentication that I want others to know about – and hopefully adopt. I’m definitely rooting for this company’s success because I think they’re opening the doors for some welcome innovation in this space. You can read more about their history as a July 2012 Startup Weekend Las Vegas participant.
What does LaunchKey do, exactly?
LaunchKey is pushing itself as a “Passwordless User Authentication” solution. Imagine being able to log in to your favorite social network, forum or shopping site using a single username for each and swiping a toggle on your device. Nothing more. Nothing less.
Instead of maintaining several online accounts with varying credentials, in an ideal LaunchKey world, you would have a single LaunchKey username and one or more devices paired with your LaunchKey account (explained below). When you visit each site that uses LaunchKey for login, you supply your LaunchKey username and then use your device to authenticate the login.
Getting started with LaunchKey is straightforward and smooth. After downloading and launching the LaunchKey app on the iPhone, you’re provided one of two options: Create Account or Pair Device.
Creating a LaunchKey account only requires your desired username, an email address and a nickname that lets you tell the device you want to pair apart from others you may pair with your account later.
Once you submit your information, you’ll get a verification email that will link you to LaunchKey’s site in order to confirm your device pairing request after, you know, reading their Terms of Service. Once you do that, your device will be paired to your account and then hold the key to you logging into any site that uses LaunchKey’s API for authentication.
How do you use LaunchKey?
Now that you’ve created your LaunchKey account and paired a device you will be taken to your empty online and in-app dashboards, known as your “Orbit”. Here you will find a list of sites for which you have presently-authorized sessions with your LaunchKey account. Again, since we’ve only just created this account we wouldn’t have any authorized apps but that comes next!
It’s now time for the coup de grâce – an actual demo scenario of LaunchKey in action! In awesome and admirable eat-your-own-dog-food style, LaunchKey uses their authentication system for their site dashboard, known as “Orbit”. This may seem a little Inception-like, i.e., using LaunchKey to log into LaunchKey, but assume we’re signing into any other web service like [a gratuitous list of imaginary, popular services here]. It all starts with a simple, single-field form that asks for your LaunchKey username.
Once you enter your username, an alert will be sent to your paired device notifying you that an app is requesting your authentication.
The app name and URL are shown, and a simple swipe up on the LaunchKey toggle is all you need to grant yourself access to the site. Again, imagine that instead of LaunchKey appearing as the app name it could be your favorite e-commerce site or forum that you’re logging into. Once you allow the request, the browser screen that asked for your username will automatically log you in on that site. Done. That’s it. In this case, since I’m illustrating authentication on LaunchKey, you’ll be taken to your “Orbit” (dashboard) and then see that your active, authenticated application is LaunchKey itself. On another site, this second screen could be your newsfeed, inbox or similar page.
On LaunchKey’s Orbit you can choose to “Deorbit” an app which means ending your logged in session with that app. Any currently open app that gets deorbited will be automatically logged out in seconds from this central dashboard. You can do the same from your mobile device via the LaunchKey app as well.
Besides the password-less authentication mechanism that LaunchKey is providing, they have added security features that can be enabled on your device. You can choose to add a 4-digit PIN or “combo lock” security layer that will be required before authenticating any LaunchKey request if you think the app makes it too easy to get access to your online accounts.
And if I lose my paired device?
LaunchKey has designed for this scenario with a simple device unpairing system. In the upper-righthand navigation area of their site, you can go to their “Unpair Device” page. There you enter your email address and username, get an email to validate the unpair request and then you’re asked to select which device you would like removed from your list based on its nickname. That will revoke all authentication privileges from said lost device. No authentication loop here. No annoying support tickets to open with LaunchKey.
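The login, Deorbit and unpair steps described above can be modelled as a small server-side state machine. This is an added example, not LaunchKey's code or API: the class and function names, the per-device HMAC secret and the 60-second request expiry are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

REQUEST_TTL = 60  # seconds a pending login request stays valid (assumed value)


class PushAuthService:
    """Toy model of a push-approval login service (hypothetical, not LaunchKey's API)."""

    def __init__(self):
        self.devices = {}   # (username, nickname) -> per-device secret set at pairing
        self.pending = {}   # request_id -> (username, app_name, expires_at)
        self.sessions = {}  # session_id -> (username, app_name)

    def pair_device(self, username, nickname):
        key = secrets.token_bytes(32)
        self.devices[(username, nickname)] = key
        return key  # in this model the device keeps a copy and never sends it again

    def unpair_device(self, username, nickname):
        self.devices.pop((username, nickname), None)  # a lost device can no longer approve

    def start_login(self, username, app_name, now=None):
        now = time.time() if now is None else now
        request_id = secrets.token_hex(16)
        self.pending[request_id] = (username, app_name, now + REQUEST_TTL)
        return request_id  # pushed to the paired device together with app_name

    def approve(self, request_id, nickname, tag, now=None):
        now = time.time() if now is None else now
        # pop() makes every request single-use, so a captured approval cannot be replayed
        username, app_name, expires_at = self.pending.pop(request_id, (None, None, 0))
        key = self.devices.get((username, nickname))
        if key is None or now > expires_at:
            return None  # unknown or replayed request, unpaired device, or expired
        if not hmac.compare_digest(tag, device_tag(key, request_id, app_name)):
            return None  # approval was not produced by the paired device for this app
        session_id = secrets.token_hex(16)
        self.sessions[session_id] = (username, app_name)
        return session_id

    def deorbit(self, session_id):
        return self.sessions.pop(session_id, None) is not None  # ends the session


def device_tag(key, request_id, app_name):
    """What the device computes after the user swipes to allow the request."""
    msg = f"{request_id}|{app_name}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()
```

Binding the approval to both the request ID and the app name means a swipe given for one site cannot be reused to open a session on another.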
I like what LaunchKey is offering – a lot. It’s a refreshing take on what is essentially a bane of one’s online existence with a plethora of user accounts across multiple services. It will be very interesting to see what the uptake on LaunchKey is like with developers and, more importantly, users. It should be a fun challenge to shift user norms and get them to convert to this method of authentication. LaunchKey is now in public beta as of July 1st, 2013, allowing everyone interested to toy around with their API for their own app authentication.
Viva la password-less revolution!
What do you think of LaunchKey? Drop a comment below!
*Special thanks to Jeffrey Lym for editorial help!*