As the answer to the problems discussed last time, Appavatar has created a concept, 'Loitr' , a smart phone application that will enable to authenticate with mobiles. This application lets users of a service authenticate themselves to it without having the need to remember or type their login credentials instead they can authenticate by simply pointing the cameras of their phones to their computer screens. Loitr works with QRs thus reducing the cost to minimum as compared to NFC. Therefore, Loitr is not a password manager as there is no use of username and password in the entire system.
Since there is no information on user identification anywhere in the system, a massive breach will be of no value. Furthermore, even if the mobile is stolen or is being tampered with, it cannot be used to login to any website as the entire application is locked down with an access key. So this makes it 2 Factor authentication process.
Currently there are 3 Factors which can be used in combination for authentication:
- What you know (Passwords & PINs),
- What you have (a plastic card, your phone or any physical object)
- Who you are (biometric).
Loitr is a combination of two Factors i.e. what you have (your phone) and what you know (the Access Key to the Loitr app), so anyone seeking to impersonate the target using Loitr has to have the target's phone and know the Access Key. This is far better than current web login systems where anyone can impersonate someone if they know the password.
It can be used to log into websites, make payments online or even replace cards at ATMs. Any scenario or process which involves ascertaining the identity of a person sitting in front of a screen can use Loitr to do that instead of using any extra hardware e.g. keyboard, NFC, fingerprint scanner..
Significant work has been and is being done in this area of mobile development. We are certainly convinced, having seen & developed a possibility, that the future won't have passwords or for that matter any kind of login information process. This current age of virtual attacks and identity thefts has gathered a great social and economic impact which has motivated many to sponsor the research & development to overcome this Achilles Heel of the Internet.