Token Ring – Phishing-Resistant Wearable Auth

I had the recent pleasure of trying out a new wearable, biometric, FIDO2 MFA solution known as Token Ring (www.tokenring.com). It’s a lightweight ring that biometrically reads your fingerprint as you put it on and then communicates wirelessly to your device and applications. Here’s an enlarged image of the device.

What was my verdict?

It’s got me rethinking in a positive way about wearable authentication. I think there is a strong chance that in the future one of the most popular types of authentication will be wearable MFA. And thanks to Token Ring, you can have that future today.

Let me say that I started off as a skeptic. My natural inclination is to be wary of new types of authentication, especially ones promising nearly seamless auth without a lot of thinking involved. Token Ring has convinced me that the right elegant solution, done the right way, can pick up a lot of advocates.

First, you order a Token Ring to fit the finger you plan to use. Token Ring sends a “sizing-kit” in advance to ensure the proper sizing. The ring arrives along with a wireless charger and Near Field Communication (NFC) reader. I had to first charge the Token Ring for an hour to make sure it was charged enough to perform my tests. The ring is very lightweight, yet sturdy. The rim of the ring flashes different colors, as does a small circular LED on the side. Different colors mean different things.

You must first train the Token Ring to record and recognize your fingerprint. To do so, you put the Token Ring in biometric record mode and then pass it many times over the tip of your finger. You do it many times using various angles and approaches. The Token Ring will tell you when it has successfully recorded your fingerprint.

To biometrically authenticate to the Token Ring, you pass the end of your finger in and out of the ring until it indicates biometric success. The ring tells you by displaying a green LED light or a rainbow of colors. A red LED indicates the biometric reading didn’t work. I found in real-world use that I had to initially briefly play around slipping the ring over my finger a few times to get biometric approval. Future use got easier and quicker as I learned what positions led to faster reads. By the end of my testing I was authenticating to the Token Ring by naturally passing the ring over my finger, albeit a bit more slowly than you might a regular ring. Then you wear the ring like you would any other ring. The biometric authentication of your ring to the finger stays intact until you either take the ring off your finger or the Token Ring runs out of juice.

Like any FIDO2-certified authentication solution, you have to register the ring to each site or service you want to use for authentication. Not surprisingly, those services and sites must be FIDO2-aware. I started my testing by going to the common FIDO2 testing site, https://webauthn.io/. It simulates FIDO logons. I then tested using various applications like Microsoft O365 and Gmail. Token Ring works with Microsoft Windows, Apple iOS, and Android.

When you come up to a FIDO logon, you “double tap” the ring in the palm of your opposite hand. That wakes up the ring to tell it to authenticate to the site or service you’re trying to log in to. You hold the activated ring over the NFC pad (provided by Token Ring). And then because it’s MFA, I had to put in my Windows Hello code as my FIDO2 “gesture”, which then logged me into my test site and applications.
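The per-site registration and logon described above are what make FIDO2 phishing-resistant: the browser records the origin it actually talked to, and the authenticator hashes the relying-party ID into its response. The following is an added example, not code from the article or from Token Ring, of the context checks a FIDO2-aware site runs on a logon response; the RP ID, origin and sample data are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
import struct

RP_ID = "login.example.test"           # constructed relying-party ID (assumption)
ORIGIN = "https://login.example.test"  # constructed expected origin (assumption)
FLAG_UP, FLAG_UV = 0x01, 0x04          # user-present / user-verified flag bits


def b64url(data: bytes) -> str:
    """base64url without padding, as used for the challenge in clientDataJSON."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_assertion_context(client_data_json, auth_data, expected_challenge,
                            require_uv=True):
    """Return reasons to reject a FIDO2 logon; an empty list means these checks pass.

    Verifying the signature over authData || SHA-256(clientDataJSON) with the
    public key stored at registration is a separate step, not shown here.
    """
    problems = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        problems.append("wrong type")
    got = str(client.get("challenge", "")).encode()
    if not hmac.compare_digest(got, b64url(expected_challenge).encode()):
        problems.append("challenge mismatch")
    if client.get("origin") != ORIGIN:      # origin is filled in by the browser
        problems.append("origin mismatch")
    if len(auth_data) < 37:                 # 32-byte hash + flags + 4-byte counter
        return problems + ["authenticator data too short"]
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        problems.append("rpIdHash mismatch")
    flags = auth_data[32]
    if not flags & FLAG_UP:
        problems.append("user not present")
    if require_uv and not flags & FLAG_UV:
        problems.append("user not verified")
    return problems


def constructed_sample(origin, rp_id, challenge, flags=FLAG_UP | FLAG_UV):
    """Build constructed clientDataJSON and authenticator data for the demo."""
    cdj = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                      "origin": origin}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", 7)
    return cdj, auth
```

A response produced on a lookalike domain carries that domain's origin and RP ID hash, so it fails both checks even if the user completes the gesture.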

I’ve got to say the experience is pretty cool. And everyone I showed it to wanted to get one. Wearing a ring is easier than hunting around and finding my USB token and plugging it into my laptop. I’ve only got three small caveats. One, I wish my Dell laptop came with a built-in NFC reader. That would make it so I didn’t have to plug in Token Ring’s external NFC reader. It would save me a step when traveling. Two, it currently doesn’t work with my Windows logon, but this is more due to how Microsoft is implementing FIDO logons. Currently FIDO2 logons are only available on enterprise versions of Windows using Intune. When Microsoft adds FIDO2 logons to all versions of Windows, it will work with mine. Lastly, you’ll have to take off the ring and let it charge every few days to make sure it has enough juice to authenticate. That’s true for many wireless authentication methods. It was easy enough to do when I was done working for the day.

Overall, it was a very cool device to play with. It was fun and did its job. It is solid, phishing-resistant authentication. It shows what the future of wearable authentication will be like, except it’s available today. Visit www.tokenring.com if interested.


Ross Foard

Identity, Credentials, Access Management and Zero Trust Engineer

9 months ago

I lost my wedding band on a canoe trip a couple of years ago so I’ve been wearing my Motiv ring since. It stopped working a few years, and I don’t think they ever deployed FIDO (although that was the plan as I recall) before they got bought. I’m waiting to get another wearable, this might be the one!

Kai Moser

Technologist @ KAIMOSER.COM | IT Consultant, Entrepreneur

1 year ago

And here I thought a token ring was what my hippie parents sat around in back in the late 60s… ;)

Marcus Koenig

Cybersecurity & Engineering Leadership @ Gen | Vice President Core Technology

1 year ago

Feeling old now as my head associates Token Ring with network topology....

Brett Hill

"The Mindful Coach" | Tech Entrepreneur & Mindful Leadership Pioneer | Founder, Mindful Coach Association | Mindful Communications and Professional Presence Expert | Former Microsoft Tech Evangelist | ICF Coach

1 year ago

Wow. That's a beacon of hope

Dean Larsen II

Experienced in Data Management-Governance, Privacy and Cyber Security Specialist, IT Architecture/Design, Project Execution and Cultural Change

1 year ago

All approaches for human authentication rely on at least one of: What you know… What you have… and Who you are… so, something you have is carrying who you are. Great opportunity to hack
