Forget Passwords. Use JAR.
JAR is getting rid of passwords by turning your finger into what is needed to access a website, your private data, and many more.
About this project
- JAR is the first biometric crypto-key for end customers: it turns your finger into what is needed to securely log in or register or access any kind of data (without letting any 3rd party access your fingerprint, ever)
- JAR is, in practice, 100% secure: hacking one JAR requires continuous physical access and would take 6 quadrillion years
- Losing your JAR does not create a continuous lock-out for the user
- JAR's software part will be made open source. Completely.
- JAR's encryption is based on a 2048 Bit RSA-key pair, containing a public and a private key
- JAR will cost 99€ or less (or the equivalent in your currency) as a one-time fee
- We, as the operator of JAR's hard- and software, will never store any usage data. Nobody can access the data stored on the JAR itself but you. Ever.
JAR is getting rid of passwords. On the web, on your Mac or PC, on your smartphone. With JAR, devastating password leaks, compromised accounts and forgotten passwords will become a thing of the past. JAR turns your finger into what is needed to access a website, your private data, connect to friends or internal company networks and wire money. We are made up of two founders and a core team of seven colleagues, each having experiences and responsibilities in a different field.
Together, we want to turn the digital world into a safer place - and give 3 billion Internet users an easier, yet safer possibility to identify and authenticate themselves. The initial feedback on our prototypes has been very positive. This feedback is the foundation that we want to base the next steps on: to finish building and launching the product with the help of partners that support our long-term vision - and the desire to create something that matters.
Thanks for your interest in JAR! If you have any questions or feedback, please contact us - we'd love to hear from you!
All the best,
The problem we solve can be divided into three tiers: the lowest one represents the need to authenticate in the digital world. This is done by using a secret - most of the time a combination of a user name and a password - which can be provided by the respective user only. The second, medium, tier is the problem of inconvenient passwords: passwords have to be easy to remember, but at the same time hard to guess for machines. This leads straight to the highest and third tier: human comfort. Many users tend to create convenient passwords like 123456, password or qwerty, facing the tradeoff that those passwords are either too short, too simple or both. Hackers compromise websites and servers with increasing success, and users struggle to manage their growing numbers of accounts and passwords which are necessary to authenticate oneself. This creates a divergent, gray area: the web companies’ requirements for increased technological security conflict with the users’ need for a simpler, more convenient way to access their data.
In the decade between 2004 and 2014, the number of stolen datasets related to personal accounts increased nearly twentyfold to the incredible amount of 1,500,000,000. At the same time, the annual global damage directly resulting from cyber attacks in the US has been close to the mark of €1bn, representing a sixfold increase in the last ten years.
Our radical approach with JAR: abolish passwords. Instead, we are developing a hardware solution, based on an asymmetrical encryption method which makes digital accounts invulnerable against security gaps of other services. JAR is the first biometric crypto-key for end customers. Instead of using passwords to access websites, the user can log in or register with the touch of his or her finger. This solution removes the complexities and frustrations associated with passwords. With intricate and secure technologies, it offers unparalleled and future-proof security (hacking one JAR would take 6.4 quadrillion years) and an overwhelming level of simplicity at the same time. JAR is also designed to eliminate security gaps, clutter and inefficiencies for B2B customers whilst keeping operational and implementation costs low and predictable. At the same time, digital service providers will experience significant benefits from enabling our system for their users.
All it takes to log into a website is a click on the „Log in with JAR“-button, along with placing your finger gently on the surface of your JAR. It’s fast, intuitive, and there are no passwords in sight. JAR works with any device that has an audio input and is protected using a military-standard encryption to ensure your security. Our company does not - and will never - have access to the data which is encrypted on JAR, so we have no way of decrypting your passwords.
If you lose your JAR, you can call us or go online to deactivate it. After you’ve deactivated your JAR, a message is immediately sent to all of your devices, letting them know that they should not prompt access to your digital accounts protected using the lost JAR.
Because each message is encrypted separately, there’s no way to derive one message from the previous message; each encrypted message that is broadcast is non-deterministic and pseudorandom. Your devices will only unlock for the most recent message, so a hacker is unable to unlock your devices by re-broadcasting an old message. Only devices that you’ve set up with your JAR will have the ability to interact with it. A device still has to verify its legitimacy through an automatic encrypted handshake in order to interact with your JAR.
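The freshness rule described above (a device acts only on the most recent message, so a re-broadcast old message is ignored), as an added example that is not JAR's code or protocol. The message layout, the shared pairing key, the counter and the HMAC-SHA256 authentication are all assumptions made for illustration, and the encryption the text mentions is left out.

```python
import hashlib
import hmac
import secrets
import struct

# Assumed layout (not from the JAR project): counter(8) | state(1) | nonce(16) | tag(32)
HEADER = struct.Struct(">QB")
NONCE_LEN, TAG_LEN = 16, 32
ACTIVE, DEACTIVATED = 0, 1


def make_status_message(key: bytes, counter: int, state: int) -> bytes:
    """Sender side: a fresh random nonce makes every message's bytes differ."""
    body = HEADER.pack(counter, state) + secrets.token_bytes(NONCE_LEN)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class PairedDevice:
    """Receiver side: acts only on authentic messages newer than the last one."""

    def __init__(self, key: bytes):
        self._key = key
        self.last_counter = 0
        self.jar_state = ACTIVE

    def receive(self, message: bytes) -> str:
        if len(message) != HEADER.size + NONCE_LEN + TAG_LEN:
            return "rejected: malformed"
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return "rejected: bad tag"
        counter, state = HEADER.unpack(body[:HEADER.size])
        if state not in (ACTIVE, DEACTIVATED):
            return "rejected: malformed"
        if counter <= self.last_counter:  # replayed or out-of-date message
            return "rejected: stale"
        self.last_counter, self.jar_state = counter, state
        return "accepted"

    def may_prompt_access(self) -> bool:
        return self.jar_state == ACTIVE


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed pairing key for the demo
    device = PairedDevice(key)
    activate = make_status_message(key, 1, ACTIVE)
    deactivate = make_status_message(key, 2, DEACTIVATED)
    forged = bytearray(make_status_message(key, 3, DEACTIVATED))
    forged[8] = ACTIVE  # flip the state byte without knowing the key
    return {
        "activate": device.receive(activate),
        "deactivate": device.receive(deactivate),
        "replayed_activate": device.receive(activate),
        "forged_reactivate": device.receive(bytes(forged)),
        "may_prompt_access": device.may_prompt_access(),
        "same_content_differs": make_status_message(key, 9, ACTIVE)
        != make_status_message(key, 9, ACTIVE),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The receiver has to persist `last_counter` across restarts; if it resets to zero, every old message becomes "most recent" again.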
With JAR, we wanted to design something that would fit seamlessly into your life. Too often technology simply looks like just another piece of technology. An integrated hook for your keychain makes it effortless to carry JAR everywhere you are.
JAR is available in two beautiful colors, soft white and dark grey. In addition to the two different colors, JAR comes in two sizes as well:
- one bigger, 42 mm version
- and one smaller, 36 mm version.
Business before pleasure, of course. However, we are convinced that a very personal device like JAR should fit you. And, luckily, everybody is different and has their own preferences. This is why we'll offer JAR in a wide range of different styles and colors if we exceed our goal. We estimate that we need €100k to implement everything we want to. If you, as a backer and a part of the awesome Kickstarter-crowd, think that JAR is as cool as we think, and if we reach €150k, we will be able to offer JAR in as many as 15 different colors. We are not going to tell you which, because you can vote for the color of your preference on our website. We'll produce JAR in the 15 most popular colors as determined by the crowd. Now, that is true democracy up from the base! ;)
JAR is tailored to the needs of users of digital devices. It is so intuitive that it can be used by a five-year-old or by an eighty-five-year-old. Registration or log-in with JAR is extremely fast, which makes it interesting for B2B customers as well. In fact, next to the classical B2C business, we will offer in-house software solutions for B2B customers, which will substantially increase the usability of the JAR-system. It will be possible to reflect hierarchies (i.e. "User of the JAR number 8S6DS5DW is not allowed to access file XYZ, while the user using the JAR Y6IPFJBH is"), and many more. We will offer attractive pricing for B2B customers, but will generate an increasingly important part of our revenue by developing those software solutions and maintaining them.
We plan to develop three own digital services, mainly tailored to the needs of our B2C customers. They are:
- JAR cloud, a reliable, fully-encrypted cloud storage. The files are encrypted on the device of the user using his or her JAR, and uploaded via a protected SSL-connection;
- JAR vault, an offline storage on the JAR itself for extremely sensitive, personal or work-related data, which can be unlocked only with the fingerprint of the owner;
- JAR exchange, a fully-encrypted messenger, which can be used to transmit text, images and other media files using any device that features an audio jack.
All those services will be free for private customers and can be controlled using our application for mobile devices or web-based applications.
A substantial component of our strategy is to team up with strong service providers, such as eBay, Facebook, Amazon, PayPal and more. Our business team analyses the business model of each relevant, potential partner in depth to figure out how a promising approach can be made.
An important operational part is the validation of user data in this field. We will offer our customers the option to store a limited amount of personal data on our servers, linked to a unique identifier of the JAR. This data will consist of the name and/or birthdate and/or email and/or address and/or payment information. We emphasize that this is voluntary and not mandatory! After we have validated this data, it can be forwarded to service providers, for example when the user of JAR with the identifier JAIPNJBA tries to register him- or herself on a website. In this case, when the user places his finger on his JAR and confirms the registration by clicking a button on the website, we would forward the data he provided us with (and ONLY this data!) to the service provider.
Using the three companies named above, advantages for companies when implementing JAR could be as follows:
- eBay: eBay is famous for its seller's protection. However, this imposes a lot of organizational and financial stress on the organization: if a buyer is not satisfied with his purchase, and his claim is accepted by eBay, eBay refunds the amount paid and tries to get back the money from the seller afterwards. Obviously, this is no optimal solution.
  Using JAR to register, we could automatically validate the user's information instantly, which would allow eBay to certify the user publicly as a "Verified user" or so. When a buyer has to choose between two sellers of the same product, one being verified by us, one who is not, intuitively, he would choose the verified user. This increases the pressure for every non-verified user to verify himself as well. With an increasing number of verified users, where eBay can be certain that the data provided is correct, the amount of fraud or other harmful behavior will decrease, and so will eBay's expenditure for its seller's protection.
- Facebook: Facebook strives to balance between fast growth and valid user data. Registering on Facebook is extremely simple, yet one can claim that his name is Barack Obama without Facebook becoming suspicious. This is a potential harm to Facebook's core business, displaying highly personalized advertisements: they want to display advertisements to you, not to you claiming to be a female, 23-year-old version of Barack Obama. Using the same verification process as eBay, Facebook could minimize this risk and offer registration with valid user data in seconds.
- Amazon: Amazon, your "one click"-purchase is nice. But I have to register myself before, validate my email, provide you with my payment information, activate "one click" and then I am able to purchase a book with one click. How about "one touch" instead? A user who has never visited Amazon before could purchase the book, literally, with the touch of his finger. Sounds great, huh?
We are a small company with a big dream, developing an awesome tool which could make the web a safer place. We want to highlight that we are not interested in your user data or similar data. For further information please refer to our FAQs.
JAR is expected to be ready for revenue generation as of early 2016, after starting the mass production of our hardware. Web companies and large enterprises will eventually pay us a yearly fee for security certificates, validating them as being trusted service providers after receiving these certificates for free for the first three years. The customer target price is €99.
88 per cent of the 3 billion web users use services that require a log in. Primarily, our focus will be to satisfy demand in this B2C business. Later, we expect to generate a significant amount of revenue by providing B2B customers with customized in-house solutions, extending the possible uses of JAR in a business environment.
Strategically, we will split our efforts in two respective tracks: generating broad public interest for B2C customers by exposing our brand clearly visible in the general public on the one hand, and supporting B2B customers individually with the required intensity and effort.
Existing solutions are based on one of two premises: they are either makeshift quick fixes that only address the end user’s need for convenience, working with local databases to store passwords instead of replacing them.
Or they are complicated and expensive systems that are secure, but difficult and costly to implement, and repelling to end users. JAR accomplishes a solution that is truly password free, truly secure, and truly easy to use.
Companies that operate in our field are Facebook and Twitter, Google, Mozilla, Cisco, RSA, DuoSecurity, Authy and some smaller companies.
Using our itisonyou-domains as well as the hashtag #itisonyou, we plan to initiate a global online campaign to inform users of digital services about JAR. We will trigger the interest of the visitors on a highly emotional basis, without revealing the background (i.e. our product JAR) until the end of the experience.
On the website, we will distinguish between goals and dreams: we will introduce inspiring people, who achieved inspiring things because they dreamed boldly: "Everybody dreams. Every night. Most of the times, we are not aware of it, can't remember afterwards. But sometimes, a little remnant remains, something you can't forget. Something you begin to make an important part of your life. Something you chase. Something you can reach. Some dreams suddenly become goals.
This very project is about dreams and goals. You saw some inspiring dreams and met their dreamers. People who reached things that seemed impossible at first. [...] Will you become a part of our movement? It only depends on you. You have everything it takes. Its. On. You"
By revealing our technical solution to a huge problem step by step, alongside the golden thread of dreams and goals, we make it very clear that from now on it depends on the customer's acceptance. We provide him with a tool he could use - and he might feel that he should use it eventually.
We have spent the last 1½ years in offices in Berlin, Aachen (Germany) and Maastricht (the Netherlands) developing JAR's business concept and prototyping the hard- and software. We recently successfully completed our first EVT build (engineering validation testing), which involved manufacturing, assembling and testing the functionality of a prototyped JAR together with our in-house developed software solutions.
- August '15 - Kick off DVT
- October - Ship initial rewards (shirts and posters) to Kickstarter backers
- December - Kick off PVT
- January '16 - Ship initial units to Kickstarter backers
After a successful funding, we'll start our second EVT build to incorporate a number of changes and improvements we discovered while testing. After this, we will freeze changes in the electronics and move into DVT (design verification testing) where we will test everything from the mechanicals, to the electrical, to firmware and make sure everything works as designed.
The final stage is doing a PVT (production verification testing) run, which is designed to assure the required quality and robustness.
For our engineers, the biggest challenge to come is to reduce the size of JAR; at the moment, our prototypes are approximately as big as a big matchbox.
If we exceed the funding goal by €150k, that is, if we reach the amount of €250k together with you, we'd be able to do something very cool: we could build a JAR without the characteristic audio-connector which uses Bluetooth 4.0 LE to connect to the host device. This would not only further decrease the size of JAR, it would allow you to use your JAR in a much more flexible way. Safety first, obviously: each first connection via Bluetooth would require a manual confirmation with your fingerprint. The connection itself will be protected using the 128-bit-AES security standard. Furthermore, the additional energy consumption is fairly low and the possible range pretty high (around 30 meters are no problem at all).
We're a team of designers, programmers, engineers, and operations staff based in Aachen, Germany.
When building a product that is focused on something so personal, we didn't want to build it hidden away somewhere in silence. Over the coming months, we want to learn from you what you think about JAR, how you use it, what you care about and make sure we build the best possible product.
We're also having a lot of fun working on JAR and want to share everything we're learning along the way with you.
"Access your private data with the touch of your finger instead of remembering passwords"
"JAR’s future services will include cloud storage, encrypted messaging, quick website registration and many other third party services. Bitcoin wallet application couldn’t be far off the line—and who knows, maybe the key to the future home or car is in the shape of a 3.5mm jack?"
"The sheer number of passwords needed to protect online accounts means that one inevitably gets forgotten every now and then. But a new device called JAR, developed by the German startup of the same name, could put an end to this traumatic process of account retrieval, by replacing passwords altogether."
"Log-on password replacement is one of the Holy Grails of the IT security world. Now a German start-up has come up with a personal biometric crypto-key which it says is practical and adds little cost. Called Jar, it is a true biometric device which uses the user’s finger tip as their password for every login and registration."
"German startup firm JAR has developed a compact personal fingerprint reader that connects to devices using their audio jack […] The developers note that fingerprints will be stored encrypted only on the JAR, adding that they are building the operating system on protected systems in Germany, guaranteeing that there are no backdoors in our code."
And lastly, thank you; we can't wait for you to use what we're building.
Risks and challenges
We're making something physical; atoms are harder to manipulate than bits and harder to fix when they break; so we've worked (and continue to work) very hard to make sure we don't mess things up.
PRODUCT DEVELOPMENT: We have successfully developed prototypes for our hard- and software. We have proof of concept methods of encrypting, decrypting and unlocking accounts, devices and data using our prototypes. Soon after Kickstarter, we plan to enhance those proof of concepts into fully working apps and browser extensions so that JAR will work with virtually every smartphone, tablet, and laptop on the market featuring an audio jack. Additionally, we plan to optimize the user experience on apps and browser extensions that we’ve already developed. Software development sometimes runs into delays when technical challenges present themselves. If severe software development delays occur, JAR may ship without full operating system and web browser compatibility. If this happens, JAR may require an over the air update at a later date in order to work with certain operating systems and web browsers. We plan to apply the same software development practices we’ve used in the past to mitigate this risk. Our team of engineers has already overcome the major technical challenges associated with our software development, and they have a good track record of overcoming challenges and solving problems effectively.
MANUFACTURING: This is the first product our team is mass manufacturing, so we want to feel confident that we’re making the right choice when it comes to our manufacturing partner. Once we’ve selected a manufacturer, they will require order quantities, lead times, detailed technical drawings, material selection, etc. We’ve done everything we can to make product fabrication scalable in order to mitigate the inherent risk of mass manufacturing.
QUALITY CONTROL: Once we’ve signed deals with manufacturers to mass produce JAR, we will purchase production molds for each size and begin manufacturing with a small test batch of products. It’s our goal to deliver a high quality, professional product that’s free of things like surface imperfections, color mismatch, etc. For that reason, manufacturing has potential for delays as we perfect the quality of JAR, making sure it looks good and stands the test of everyday use. We plan to ship a product that follows our company’s core principle of perfection, and sometimes perfection takes longer to achieve.