Can your mobile phone become a replacement for manually typing in a password? That’s the promise of a new application called Knock, launching today, which uses an iPhone paired with a Mac desktop or laptop computer to log you in to your locked machine. The system takes advantage of the newer low-energy Bluetooth technology to enable the connection between the two devices, allowing you to just knock (you know,knock, like on a door) on your iPhone to login. But the company has ambitions to expand beyond unlocking computers, and envisions bringing Knock to browsers to log into websites, and eventually letting you “knock” to open anything, including even your home’s front door, perhaps.
The company was founded by William Henderson, who previously worked on the Wallet team at Square, and Jon Schlossberg, who led user experience at Bonobos. The two teamed up earlier this year after being introduced by a mutual friend. They soon had their first Knock prototype built after just a few weeks.
Henderson says that working at Square inspired him to think about how the user experience can be applied to other areas where it’s been systematically neglected, such as security, similar to how Square proved you could have a great user experience around a financial product. He had also worked with Bluetooth LE while at Square, which gave him the idea to apply the technology to passwords and logins.
“When I met Jon, we were talking about this problem with passwords, and it was obvious to me that Bluetooth LE could help with that,” says Henderson.
The original prototype they built worked using proximity, but the team found that users didn’t like that their Mac unlocked just because they were near it. They wanted to signal in some way that they meant for the unlock to happen. “It was cool,” Henderson says of this first idea. “But people got freaked out by it. They didn’t know it was going to happen, and they weren’t expressing their intention in any way.” He equated the problem to the way people still hit the “lock” button on their car keys even though their car will automatically lock for them – they still need to feel like they’re taking an action.
Now in its 1.0 release, Knock users signal their intention by gently knocking on their phone’s screen. This works even when the phone is in your pocket, which seems almost too easy.
Getting started with the product is also simple. You first download the free Mac app and the $3.99 iPhone app. Because Knock uses Bluetooth LE, it will only work on iPhone 4S and up, as well as on newer Mac computers (2011 MacBook Air or newer, 2012 MacBook Pro or new, 2012 iMac or newer, 2011 Mac mini or newer, and the 2013 Mac Pro).
You then launch the app on the Mac and iPhone, and you’re prompted to turn Bluetooth on if it’s not already. Then Knock instructs you to lock your phone. Unlike with Bluetooth, that’s the extent of your involvement with the pairing process – the app sets itself up on its own.
After the setup is complete, you’re asked to knock twice on your phone to confirm the pairing, and you enter in your Mac’s password in the box provided. And then you’re done. From that point forward, when you get back to your computer, a ring around your avatar will signal that Knock is running and you can knock on your phone to login.
Your password is encrypted using standard RSA encryption and stored on the phone, while the key that’s being used to decrypt it is stored on your Mac.
The company has been running a small beta with around 100 users for over half a year in order to get the experience right, and have pulled out some features ahead of today’s launch. One of the things they already have in the works is a way to use Knock on the web. “We chose unlocking the Mac because it’s a small thing we knew we could do in a 1.0 product, and we knew people would pay for it,” Henderson explains. “But if things go well, we have much larger ambitions. None of us like passwords, and we want to get rid of them.”
Using Knock on the web would require more work, and attention to security, he says, but it’s likely the step for Knock, along with an API launch. That feature would probably also come before addressing the needs of Android users. That’s not because they’re an iOS-focused company, however, but because Android software today offers more limited support for Bluetooth LE than iOS does – only the latest version supports the technology at all, and there are some differences in how it’s implemented currently which allows iOS to use less energy.
Longer term, Henderson imagines a future where Knock could unlock anything. “I’d love to be able to unlock my house and my bike with Knock,” he says. “The phone, whether you like it or not, is becoming this universal authentication device, and it’s a little scary because of the level of access.”
But he and Schlossberg want to address that problem by focusing on how they can take advantage of sensor data from the phone itself to know when it might be lost or stolen…maybe even before you do. It could then send you a notification on your devices, asking you to confirm your identity following whatever odd behavior it saw – another idea inspired by time spent at Square, where detecting potential fraud is ongoing a concern.
Knock is a bootstrapped team of just the two co-founders, which is why Henderson is based in Portland – the labor market is cheaper there, he says. That will allow them to stretch for longer without raising funding, or last longer if they do.
In testing, the app works as promised and easily, too. But getting users to adopt new behaviors can be challenging – just look at Bump, for example. Its technology let you exchange data by knocking devices together, but never became a runaway success, eventually forcing the company to find an exit by selling to Google. Knock could face similar challenges, though at least it has a revenue mode built in, and unlike Bump, it doesn’t require multiple users for the thing to work.
Just you, your iPhone, and your Mac will do.
You can download Knock here.
correction: Henderson is based in Portland, not Seattle, as previously stated.