Back This: Symple ID makes signing into your favorite sites simple!

By Bla1ze on 15 Apr 2014 06:09 pm EDT

It seems not a day goes by that I don't end up resetting a password for some site or service that I use. Even though I use several different password reminder services, they're not always a perfect solution. But what if it there was a solution that utilized your phones NFC functionality and and a simple NFC tag? Would that be easier? Richard Fox-Ivey thinks so and he's come up with Symple ID.

What is Symple ID?

Symple ID brings “tap-to-pay” simplicity to the world of passwords. If you’ve ever tapped your credit card in the check-out lane to buy something, you know how easy tap-to-pay is. Using Symple ID is just like using tap-to-pay; but instead of making a secure purchase in a store, you’re securely logging-in online.

Symple ID users simply tap their smartphone to a digital ID in order to sign into Banking Websites, Social Media (Facebook, LinkedIn, Twitter, etc.), email (Gmail, Yahoo, Outlook, etc.) and web apps (Salesforce, Netflix and Dropbox, etc.).

When logging in, Symple ID automatically protects you against phishing attacks that try to steal your account information by validating the authenticity of the site you are visiting. If the site isn’t legitimate, Symple ID doesn’t log you in.

Signing into legitimate sites is as easy as tapping your phone to your ID. When you tap to sign-in with Symple ID your credentials are sent encrypted from your phone through a secure server to your browser for login.

Symple ID makes it easy to use strong (e.g., 100 randomly generated characters) and unique passwords for all of your online services; yet you don’t need to worry about remembering any of them. And importantly with Symple ID all your credentials are stored locally to your smartphone; not in the cloud making a tempting target for hackers.

Sounds cool, right? Never having to really remember your passwords but rather adopting a 'set it and forget it' philosophy because Symple ID does all the work for you. Thanks to Heartbleed, I've been going through the painful process of resetting all of my passwords and already, its become quite problematic. Having a solution like Symple ID available now would have made this a little bit easier.

But that's the thing, while the Symple ID app is being beta tested right now, in order for it to be fully realized Richard Fox-Ivey needs some funding. $20,000 to be exact and because of that he's now taken to Kickstarter in hopes to raise the funds needed to fully bring it to market on BlackBerry 10, BlackBerry 7 and Android.

Like all Kickstarter projects, Richard has set up some rewards for backs so if this is a solution you're interested in, be sure to check out the Kickstarter page for the full details on how you can back the project and what you'll get for helping out. Pledges start at $5 but already the $15 spot is sold out. However, the early bird special of $30 is still open and includes the app and service for one user and a choice of any 2 NFC ID's.

Reader comments

Back This: Symple ID makes signing into your favorite sites simple!


It's not just software. Backers over the $15 price also get NFC cards/wristbands as well as free lifetime membership. They use secure servers to transmit the username/password from your phone to the computer's browser.

In his description on kick starter, he needs the money to figure out NFC tag suppliers and samples to make sure it all works.

The code is written already. That was the easiest part.

Posted via CB10

Great idea, but how does it check the authenticity of the site? Is the tap NFC? if so, can it be read in and cloned? Although, I agree that we need a unified solution, it sounds pretty scary to me.

Posted via CB10

The application uses software and hardware to make sure is less hackable, not saying is 100% secure but is probably more secure than just typing a password

Posted via CB10

And way less hackable if you currently use the same password for multiple sites.

Would be cool if it could also change the passwords frequently for your various sites.

Posted via CB10

I was starting to be interested but this guy's website doesn't even work properly.

All 3 "More" buttons error out with a 404.


And am I the only one thinking that with this "solution" if someone steals your phone they have instant access to your whole online life?

Posted via CB10 on Z30 STA100-2 / on O2 UK - Activated on BES10.2.1

Yeh I didn't realise from the blurb in the article that the ID is a physical token of some kind.

But that raises a question of how this can be two factor authentication as they are claiming. Two factor is something you have and something you know.

A physical token and a smartphone are just two things you have, nothing you know.

So steal them both from someone and bingo, you're in.

Their website actually pushes the idea of corporate users not ever knowing what their real passwords are as a benefit!

Posted via CB10 on Z30 STA100-2 / on O2 UK - Activated on BES10.2.1

You also have to have the Chrome add-on installed on the PC. I assume that also gets linked to your device somehow. My only concern is how quick the entire process is. If it's faster to type in your username and password, then this isn't for me. But if it's a quick process, then I'm interested. Too bad they don't show a video of the authentication process but I guess that's what Kickstarter is all about.

The "know" would ostensibly be your device password. As you would have to first be able to unlock the device to use the functionality.

The whole time your phone is unlocked the "know" is removed from the equation.

Having to have a Chrome extension installed is just another thing you have, not something you know. Think how closely we keep our everyday tech that we use. When we are using our laptops our phones are never far away and neither are out secure tokens, because we need them to be handy. All 3 are likely to be stolen together.

I don't think this product is going to get certification for use in Government that's for sure.

Posted via CB10 on Z30 STA100-2 / on O2 UK - Activated on BES10.2.1

It's a great idea and in BlackBerry first. I've already supported the project. Hope he gets to his goal!

Posted via CB10

Oh wait a SympleID is a physical token. So they'd have to steal your token and your phone. Not so difficult if you put your mind to it.

Posted via CB10 on Z30 STA100-2 / on O2 UK - Activated on BES10.2.1

I would assume you'll also need to unlock the phone before you could active it to use sympleiD.

Posted via CB10

NFC doesn't work on BlackBerry when it is locked, so yeah you'd have to be able to unlock the device for it to be of any use.

Contributed! This seems quick and easy, secure and he's supporting BlackBerry 10 natively.

Winner to me.

Posted via CB10 on my Z30

Yeah, but the fact that you can use it for a desktop PC, which is the main browsing platform for most people, make it definitely useful.

Posted via CB10 on my Z30

Yep. Already pledged. I would recommend you do the same. Even in the $15-$25 would be great.

Posted via CB10

Hey Bla1ze, good idea for a spotlight. I still think nfc-like gadgets will be bigger than we all expect. More and more companies are rolling out their own adaptions of such a system and it is nice to see somone trying to use it for something useful/timesaving. Although I am not sure about security.
Now little off-topic, when I swipe over the video on CB10 it automatically starts playing and I can not stop it, nor can I go 'back' to the article. Have to restart the app every time.

BlackBerry 10 signed.

In the end he said: “When you tap to sign in with Symple ID, your credentials are sent encrypted from your phone through a secure server to your browser for login.” I presume then that this system relies on a third-party server to make this happen? This sounds like a serious concern to me, regardless whether it’s encrypted or not (just imagine if that server suffered from Heartbleed).

I have to admit that I am not convinced by his idea at all. The problems he sketches, the fact that he has to maintain and remember a lot of passwords and to type them in (especially if they are random), has long been solved by 1Password, Enpass and others. I use 1Password precisely for this, to maintain a well-protected catalogue with long and difficult passwords and a browser plugin that automatically types in my passwords whenever I need them. With local WiFi (or Dropbox sync) I can use them on various devices if I want to. It solves these problems too, but without relying on another server or even an Internet connection.

It's *their* servers. Unless you're an early adopter, you will have to pay about $15 yearly for the service. Those who support them on Kickstarter will get lifetime membership included.

With "third-party server” I meant a server other than the one you are connecting with, i.e. the website. You are giving them very sensitive information through the cloud. For me, this is information I would rather keep on my hard drive.

Obviously not, but my point was that you are putting all your eggs in one basket. Whenever something goes wrong, all your passwords may be vulnerable. Heartbleed demonstrates that very clearly.

Simple and secure is the way to go....!!! With all the vulnerable application and software around the world... bringing some hardware to secure your information is even more great, just think about the

I cannot wait until the release heartbleed from recent problems, even though BlackBerry is secure why not making it easy, and more secure than ever!

People!!! You should Back this!!

Posted via CB10

Thank you, Bla1ze for posting this. I will be backing this times 2, for the wife and I later this evening. I love the idea.

Posted via CB10

He developed the app for BlackBerry 10 and BB7. And had beta testers. Wouldn't hurt to chip in $5 on the kickstarter page. There are 82 backers almost at $5,000. Kickstarter is an all or nothing crowd fundraising. There are 15 days remaining with $15,000 left to raise. If it's not met, all of his dedication and hard work to BlackBerry 10 is for nothing. Kickstarter doesn't charge you unless the campaign is fully funded. Come on CrackBerry, chip in! Git -R -Done!

Check out Symple ID Beta in BlackBerry World! You can find it at

Poetry in Motion

Looks like an Android app. The pop up login prompt looks like a Jelly Bean popup.

Posted via CB10

It's a very interesting concept but it does look like an Android app. Please consider a native version as soon as possible after its release!

It is native. From the comments in the Kickstarter page.

"We're based in Waterloo, ON and BlackBerry proud :) which is why we actually built first on BlackBerry 10...We later added BlackBerry 7 and Android."

Like the concept. Requiring a physical key to "authenticate". From my basic understanding it is very different from a password keeper where they just need one password to access all your other passwords... that is easily obtainable if your computer or phone is compromised.

As for being physically stolen? Well let me see... if the thief isn't satisfied with my cash and is dumb enough to try and access my email or Facebook account then great. I would like him caught and this increases the chances he will be. He'll have to login in from a computer he has admin rights to in order to download and use that software because I'll be wiping my phone even though it is password protected.

Kickstarter wouldn't let me proceed to the payment page though so I'll have to try again a bit later.

Stupid idea...

1) If the single sign on supplier goes out of business that will cause issues. See MyOpenID.
(Even Google will be gone some day.)

2) If one logon is based to and that is compromised, all your accounts are compromised. Even of you use the same username, using different passwords already adds one extra security layer over a single sign on.

3) It ties you to single hardware which is a limitation in some ways. I have a card reader for n Online banking that generates a TAN - I have never got it with me. (Too much hassle, something to lose which means I have no access to online banking once I leave the house. )

I'm sure I can come up with yet more arguments against it in the long run...

Side note: Anything that ties into a phone number is also problematic - I habe no idea how many places have my old phone number.... I changed it a few times in the UK already...
A) it is too much hassle to keep it when changing provider
B) just tidies up any privacy issues if you bin nets, especially if marketing calls are standard in the UK... thankfully not on my mobile hut we get the rubbish on the land line... (Friends just get the new number, problem solved.)

Posted via CB10

I'd sooner use lastpass and protect it with google authenticator myself for now. The convenience of nfc tap is a nice idea, but possibly one convenience too far. Security isn't about convenience.

Anyway, this guy will need to guarantee your data I reckon if he wants it to be mainstream. His site having availability issues doesn't instil confidence. One to watch for sure, but I would not part with my money yet.

I belive they will be charging 15 bucks yearly after 1st year of free service, if they are giving free to all the Kick starter backers then it is a good deal, but I would confirm it first...

Posted via CB10

Maybe someone at Crackberry could use their celebrity status to get this dev on Dragon's Den or Shark Tank. I'm sure one of those entrepreneurs would pick this up if they can't meet their Kickstarter deadline.

Bla1ze, what package did you get with your kikstarter contribution?
I'm leaning towards the family version. I really like the idea.

Why not have the USB dongle outfitted with bluetooth so you can send the credentials encrypted via bluetooth instead of a third party server?
This way there will never be a risk of the servers going down or being compromised.

Hi Everyone, this is Richard Fox-Ivey from Symple ID.

Firstly, thanks to everyone for such an awesome #TeamBlackBerry response!

Lots of really encouraging comments and questions below :)

I also get that this isn’t going to be everyone’s “cup of tea”; we all have apps we use and don’t use, we all manage online security in ways that we feel are best.

For me this is something that I care a lot about, believe in, and have been investing both my time and money for the last 8 months.

Let me take a crack at answering some of the questions raised:
*Why I’m crowdfunding: It’s pretty simple; buying hardware and hiring developers costs money. I’ve been bootstrapping this for some time now and have gone all the way through early prototypes to beta releases for BB10, BB7 and Android. I’m getting a ton of awesome feedback from testers in terms of what they want in a released product, and if I am going to act on that feedback, it’s going to take more financial resources.
*Cost for the service: all Kickstarter backers will get free lifetime use  once we release to the broader market we are planning on an annual service fee of $15. This will help make the business sustainable by helping to pay for the cost of server resources as well as ongoing development. Aiming to support a wide variety of sites isn’t easy and requires ongoing work to add new sites and keep existing ones working the way you want them too.
*What is Two-Factor? Two factor (and multi-factor) authentication comes in a variety of flavors, there is no one “official” TFA. Our approach to TFA involves making your smartphone containing an encrypted application with credentials as one factor and a unique NFC as another factor. The app on the phone is also password protected (“something you know”) and if you password protect your phone in general that is yet another “factor” (another “something you know”).
*But can’t I just copy the contents of the NFC? There are two kinds of information in NFC devices; one kind that is writeable and can be copied and the other kind that cannot be copied and is the equivalent of a serial number. So your NFC ID is actually unique.
*Browser Security: We deliberately don’t store any of your credentials in your browser and we encrypt all the data going to and coming from your browser.
*Can’t someone access all your accounts if they get your phone and ID? Well, if they know your phone password, and the app password, and they have your phone, and the ID, then yes, it would be possible for them to start accessing your accounts. Kind of like if you drop your wallet somewhere someone can start using your credit card or spending your cash. Of course, if you’re reusing passwords, or using weak ones online, people can remotely hack your accounts as well. I guess you have to decide how best to manage your risks. Personally, I love this approach and feel confident in the security.
*Can’t you just use Password Keeper instead? We are actually focusing on the login process on your laptop/desktop as opposed to your BB at present, so Password Keeper actually doesn’t provide an alternative in that regard.
*Secure Servers: When we pass your credentials through our secure servers they are encrypted and pushed through a channel that is unique to you. None of your credentials are stored on the server and they only transit through one at a time as you login to websites.
*Is this an Android App? We actually developed first for BB10, it’s a Webworks app  Although we later developed BB7 and Android versions.
*If I missed responding to your question, please do let me know.

Best Regards,

@wout000 love this idea...definitely something we've been thinking of. We chose our current approach to avoid needing blue tooth on the the PC you are pairing to and make it more universal.

Posted via CB10

Big boost from yesterday! Now at 125 backers and $6,158 raised.

14 days left! Come on CB community. Have to get $20,000 in 14 days or project is scrapped.

Remember you're not charged unless the project is fully funded.

Poetry in Motion

I'm backing this! How awesome is that!

Really loving the idea,and would live to beta a test.

Posted via CB10
"Symple ID - Ditch your password & grab your phone! -- Kicktraq Mini"

Come on folks - I can´t believe that finally someone makes a cool project for BlackBerry devices and the community is not able or willing to collect only 20k. Right now the project is trending to 10k only which means that Richard won´t get a dollar from Kickstarter to get his work done.

For 25 USD you get the full kit: NFC Tags, the app and lifetime service !!

@Richard (aka "thisisnotausername" - see comment above) Thanks for the clarification!