After making [EmojiPass](http://www.hackathon.io/p-face), where a selfie-taking process can be used to securely verify identity for payments, I have been thinking more and more about mobile security, specifically a better solution for users to secure their data while having a good experience.
How it works
The Authom app is a demo of a three-tiered security solution.
The most secure layer is EmojiPass, as linked above. The selfie-taking process, including the speed of smile formation, phone tilting, and the face itself, uniquely identifies the user, but only with the right, personal emotion and expression. This is suitable for payments.
The second most secure layer is TouchID. Much private information is stored on the phone, yet many 2FA services use a phone app to input a code. This makes no sense at all, given that a phone can be compromised, rendering the 2 factors parallel. TouchID is orthogonal to having the physical device. Moreover, service providers don't have access to the actual fingerprints, just the fact that the user authenticated.
The easiest layer is single sign-on, implemented using Twitter Digits to associate a user's phone number with an account. The phone number is the best available public key for mobile, naturally, so the easiest identification ought to take advantage of that.
Challenges I ran into
Style, as always. No teammates. Didn't know how to make it into a product.
Accomplishments that I'm proud of
All the decisions regarding the security paradigm make sense. Finally making something that is innovative and useful in a hackathon.