E-commerce companies, social networks, big banks, and other businesses with millions of online customers have to maintain an array of expensive servers to store passwords and usernames. Leaving all of that sensitive information in a central location can make it a tempting target for hackers.

Instead of storing sensitive information on company servers, software engineer Ramesh Kesanupalli says: Why not get rid of usernames and passwords and store login data on customers’ PCs, smartphones, or tablets? His startup, Nok Nok Labs, has designed software that lets users record their biometric data—voice, facial features, or fingerprints—on their personal gadgets. That’s a far more secure entry key than a username and alphanumeric password. When the user provides a valid match, her device connects securely to the desired website. For hackers looking to compromise that system, “they would need to steal your device, and your finger and your eye,” Kesanupalli says. “That’s not a scalable attack.”

“We are extremely keen on the technology,” says PayPal Chief Information Security Officer Michael Barrett. Besides streamlining and improving security, Barrett says, biometrics will likely improve customer service: He estimates that 35 percent of his company’s help-desk calls involve password resets.

By: OLga Kharif, Bloomberg Businessweek