The password as a digital authenticator is under more strain than ever. But is the answer to memorizing multiple complex secure passwords to rely on proximity and a physical wristband for logging in to devices and websites? The U.S.-based makers of a device called Everykey believe so.
Theyâre currently Kickstarting their wearable, looking to raise $100,000 to turn a prototype Bluetooth-powered authentication wristband into shipping product by March next year.
Theyâre not the only ones eyeing up the security potential of wearables either, with Appleâs forthcoming Watch apparently relying on a biometric heart rate for authentication when using its NFC-powered Apple Pay function. And Toronto-based startup Nymi also working on a heart-wave sensing authentication wearable. (We saw a demo of their wristband back in April.)
Everykey is following a similar wearable route to Nymi, with a basic wristband that has a single security-focused purpose, but is not bothering with any biometrics, which does mean youâre putting your passwords in a single unsecured physical basket (i.e. a form that can be stolen and used by someone else to log into your stuff).
Why is it avoiding any biometric component? Everykey CEO Chris Wentz expresses scepticism about acquiring accurate electrocardiogram data â as Nymi aims to do â via a single wearable point, i.e. rather than having multiple electrodes on the body. Hence Everykey staying away from biometrics.
Itâs also aiming to undercut Nymi on price â given that thereâs less sensor kit required inside its wristband it can offer the wearable at a lower price point. The Everykey is up for pre-order via Kickstarter for $50, vs Nymi costing $79. It also offers better battery life, of up to a month.
Wentz says it is expending effort on making itâs wristband look a bit more #FASHION than the average generic plastic bangle. Although, to my eye, thereâs not a huge amount in itâŠ
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla â just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Donât miss the 20th anniversary of TechCrunch, and a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla â just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Donât miss a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
What about the inherent insecurity of putting physical passwords in an easily stealable form? âYou can disable your Everykey at any time just like a credit card by calling us or deactivating it through our website,â was Wentzâs response. So this is absolutely a trade off between convenience and security.
But, given how troublesome passwords are becoming, it may be a trade-off some people are willing to make. The problem of too simplistic passwords is huge and growing, with hackers data-mining leaked repositories of passwords to get better at guessing the words humans use to try to secure their digital stuff.
If a password is simple enough to be memorable, chances are itâs hackable. But more complex passwords are also starting to be cracked as hackers train their systems on leaked password data to get better at brute forcing our 0p3n s3s4m3s.
Password manager software, such as LastPass or PasswordBox, is one answer to this growing password-generated security gap. Everykeyâs wearable device, which uses proximity and Bluetooth to work with a range of devices as well as websites, is another â although the wearable wonât support authenticating mobile apps unless developers integrate Everykeyâs SDK. So itâs not a case of one âwrist-ringâ to unlock them all.
The Everykey wearable does not store any passwords itself, acting purely as an authenticator, via an encrypted signal sent over Bluetooth 4.0 when the wristband is within a customisable range to the Bluetooth device you are using. Device passwords are stored on the devices themselves in keychains, while website passwords are encrypted and stored on Everykeyâs servers.
The use of Bluetooth 4.0 limits which devices it can unlock, unless you add a Bluetooth dongle to older hardware. While iOS unlocking will only work for jailbroken devices. For PC users, Everykey is also only compatible with Windows 8.1+; older versions of Windows arenât supported, so again thatâs a limit to its usefulness.
What about website compatibility? âEvery website Iâve tried Everykey on has worked with Everykey.  Our algorithm for identifying a login field is pretty well refined and while we canât guarantee that it will work with all websites, itâs very reliable and works on all the top websites (Facebook, Gmail, Twitter, etc) as well as every other website weâve tried it on,â says Wentz.
âIn terms of the devices themselves, Android, iOS, Windows, Mac OS, and Linux are all supported â keeping in mind that iOS requires a jailbreak for the device unlock itself,â he adds.
There is apparently no limit on the number of close-by devices that can be authenticated via the wristband â a tech it has filed a patent on. However itâs still working on ways to support logins to websites where a user has multiple accounts, so might want to specify which account to log in to. Managing multiple Everykeys owned and used in close proximity to each other also sounds like it will require some additional thought to avoid the wrong user being logged in.
To set up Everykey for unlocking supported devices entails downloading an Everykey app, then pairing it with the wristband (pushing a button on the device to activate pairing mode) â and then typing in a unique code printed on the back.
When logging into a website for the first time Everykey automatically encrypts and store your username and password for that website, via a browser extension (once youâve installed its software). The companion software can also be used to generate a complex password, as other password manager software offerings do, if you donât want to come up with a tough enough string yourself.
Everykey looks to be â at best â a partial fix to a messy problem, and one that evidently prioritizes fashionable convenience over security.
Adding a two-factor authentication feature that loops in the proximity of the mobile userâs phone to bolster security would be a welcome addition but isnât currently offered. âTwo factor authentication is something weâre interested in, itâs not yet a feature but may become one if thereâs enough demand,â says Everykey, responding to comments on its Kickstarter campaign.
With caveats like these itâs clear Everykey wonât be for everyone. But itâs managed to pull in close to half its $100,000 funding goal thus far, still with almost two weeks left on the clock, so this wearable password manager may yet fly. If its makers get their prototype to market, how smoothly it flies and how far it travels remains to be seen.
