I met with Toopher's Josh Alexander, Co-founder & CEO to discuss their two-factor authentication platform. He explained their their two-factor authentication is drop-dead simple leveraging your mobile phone's location - pulling location data from GPS, 3G/4G triangulation, and Wi-Fi, which usually grants accuracy of at least a couple hundred feet even when indoors.
Two-factor authentication is nothing new - Google for instance offers two-factor authentication by sending you a SMS to your mobile phone with a PIN to authenticate your device. Of course, I experienced an issue with Google's YouTube two-factor authentication because my house has poor cell signal and I didn't receive the SMS. Josh told me that's why there is a pretty low adoption rates of many competing two-part authentication methods. He added that their solution doesn't rely on SMS and you can simply leave your phone in your pocket with no need to enter a PIN due to its leveraging of location data. If your mobile phone is located within say 200 feet of the device requesting permission, then automatically grant access - if not, then display a notification message on your mobile device allowing you to permit or block access. They just announced an Apple iOS version last Thursday and have had an Android version since the Spring.
Josh told me, "If you can remember your password it's not a good password. If you can't remember your password it's not a good password." He then told me how RSA tokens are good, but inconvenient since you have to pull our your key fob or mobile phone to generate a token. I told him how many gas stations require than I enter my ZIP code for the two-factor authentication and it's a bit annoying when doing this in 10 degree Connecticut weather when I just want to get the pump started quickly. It would be nice if the credit card companies could detect my mobile phone location and use that for the second-factor.
Toopher is an interesting cloud-based platform and I hope it comes to market quickly. In a way Toopher could perhaps negate the need for NFC (Near Field Communications) in mobile phones. Though you still need to transmit your account info via a credit card swipe, barcode, Bluetooth, or a key fob, so perhaps it can't be a NFC replacement.
Here's Josh Alexander giving a brief overview of his company: