We hacked touchID on iOS to work with gmail and other Google sign-in products in the browser. Using it is very simple - you click log in on the "revised" gmail screen (we intercepted the html/JS and customized the screen), you scan your fingerprint on the phone when prompted, and you're logged in to gmail!

It's also very secure. The Google password is encrypted on the computer, and the phone has the decryption key, which is only sent if biometrics check out.

We're hoping to turn this idea into a two step authentication process for access to regular accounts (To deter Russian hackers stealing passwords). It's much safer than any current two factor login process out there (for example Gmail's text message+password combo), and much more convenient. It checks out for all three factors of "multi-factor authentication," which has never been done at the consumer level.

This project was written in the iOS8 sdk using Objective-C on the iOS end, Windows Azure sql and mobile services for the cloud/server end, and a JS Google Chrome extension on the browser side.

Share this project:
×

Updates