WWPass Login without Usernames and Passwords
by Gluu Team, on Fri 18 September 2020
Good security starts at the login screen. With the WWPass mobile app or token, users can easily log in to all their enabled applications without the need for inherently insecure username/password architectures.
WWPass technology keeps application data and user identity information separate and hidden from all other applications, preserving both user and application privacy — even from WWPass itself.
Unlike most common identity solutions, WWPass protects user identity with cryptography and zero-knowledge design. WWPass Protected User IDentity (PUID) is a random number created by the Gluu Server, assigned to the user, and stored in the encrypted form in geographically distributed data centers. WWPass does not store or have access to any personal information. User identification and authorization remain under the enterprise’s full control.
To log in, users employ a WWPass Key. The WWPass Key is a cryptographic token available in the form of a mobile app, USB/NFC fob, or a smart card. With an addition of a PIN or biometrics, the WWPass Key serves as a strong two-factor authentication solution. Unlike the others, WWPass uses “something you have” as the user’s primary credential. This eliminates the need for username/password pairs and closes the door to first-order threats ranging from compromised credentials to SQL injections. Users enjoy the convenience of never having to remember username/password details again.
WWPass Key easy self-revoking or replacement procedure has no impact on user accounts in the Gluu Server, resulting in no need for re-enrollment of the user in the event of loss or damage of the WWPass Key.
WWPass provides a glimpse into a possible future for authentication: convenient, secure, flexible and strong — and without usernames!
Gluu integration with WWPass hardware or software based cryptographic multi-factor authentication provides GDPR and NIST compliant strong SSO based on SAML or OAuth2 protocols for business applications, like Zoom and many others. For the source code and installation instructions see Github project.
WWPass is a global cybersecurity company that provides next generation authentication and client-side encryption technology eliminating Usernames and Passwords. We battle data breaches and identity theft day in and day out, using our advanced distributed and secure storage mechanisms. Users get a secure experience – without compromising convenience. Learn More