1 Introduction
Nok Nok Labs is a privately held, venture-backed American company based in Palo Alto, California. It was founded in 2012 by a team of security industry veterans from companies such as PGP, PayPal and Netscape with an ambition to overcome many challenges of existing authentication methods and provide a scalable, secure yet easy-to-use and standard-based foundation for online authentication to unify the existing identity silos and to finally get rid of the long-outdated and deeply flawed password authentication.
Security experts have been predicting “death to passwords” for over a decade, yet despite all their efforts and the number of strong authentication solutions available on the market, passwords are still very much alive. In fact, with the continuing proliferation of cloud services, mobiles and other types of connected devices, the number of credentials users must deal with is only increasing. Over the years, the industry has come up with multiple password replacement products ranging from hardware OTP tokens and smartcards to various biometric technologies such as fingerprint scanning and facial recognition. Although some of these products have found their uses (primarily for large enterprises or highly regulated industries such as online banking), they have all failed to gain enough market penetration, especially with consumers. Reasons such as equipment costs, lack of interoperability, scalability issues and last but not least, complexity of deployment and usage, make organizations reluctant to invest into strong authentication and get rid of passwords, which are oh so cheap and convenient.
The company’s founders have always understood that a lack of standards was one of the primary inhibitors to broader adoption of strong authentication technologies. This is why Nok Nok Labs was one of the four founding members of the FIDO (Fast IDentity Online) Alliance, a non-profit organization publicly announced in February 2013 to address interoperability problems among strong authentication devices. Currently, the FIDO Alliance comprises over 260 members, among which are strong authentication vendors including Nok Nok Labs, payment providers such as PayPal or Alibaba and IT industry giants like Microsoft and Google.
In December 2014, the FIDO Alliance published the first version of their specifications encompassing two parts: Universal Authentication Framework (UAF), which is focused on password-less user experience on mobile devices and Universal Second Factor (U2F), which relies on various hardware tokens to augment existing password infrastructures. Together, these standards form a common foundation for a large ecosystem of various hardware, mobile and biometric authentication devices, providing certified interoperability, privacy enhancement based on strong cryptography and, last but not least, convenient and consistent user experience.
With FIDO specifications, any company can design and deploy a standard-based, scalable and future-proof strong authentication solution, spanning previously isolated identity silos without the risk of vendor lock-in. It is important to understand, that FIDO specifications are industry standards, not products and not every company possesses the expertise to design such an architecture from scratch. This is where Nok Nok Labs comes to the rescue, offering the full stack of client- and server-side technologies needed to incorporate risk-based biometric authentication into mobile or web applications. Nok Nok products are FIDO-certified, of course.