Secure Login, Without Usernames and Passwords

The era of password-less authentication is about to begin.

Free Demo › Watch the Video

"The password is officially dead...they just don't meet the challenge for anything you really want to secure."

Bill Gates, 2004

Phishing

AN ATTEMPT TO DISGUISE AN EMAIL OR WEBSITE AS A TRUSTWORTHY ENTITY, TRICKING USERS INTO GIVING UP INFORMATION.


A common email scheme targets company email accounts in attempts to either disrupt the network or steal valuable data. With an open rate of 30%, this is the most successful method of stealing login info.

Brute Force

USUALLY AN AUTOMATED ATTACK THAT ALLOWS UNAUTHORIZED INTRUSION THROUGH SYSTEMATIC TRIAL-AND-ERROR.


Guessing will eventually work: Passwords like '123456' and 'password' barely require any snooping. Beyond that, programs called password crackers systematically try all possibilities. Both styles of intrusion are why passwords without strong additional factors of authentication have to go.

Man in the Middle

ROGUE INTERCEPTION OF USERNAMES AND PASSWORDS THROUGH SCAM OR IDENTITY THEFT.


Hackers have developed multiple effective strategies to steal user information. Whether they impersonate users or a company rep, a well-run scam will eventually. Email and text messages can also get intercepted through various schemes, allowing password extraction through the communication.

Server Breaches

ATTACKERS GAIN ACCESS TO STORED COPIES OF USER PASSWORDS ON SERVERS.

 

These intrusions often go unnoticed, meaning your password on a major company's website will never be truly safe. Password-less login with an asymmetrical authentication system means you never have to worry about server-side breaches.

The list of the top ten worst passwords rarely changes from year to year. The fact that this list of common passwords even exists indicates most users either don't care or don't know about the vulnerabilities of weak or default passwords.
Sharing passwords across multiple accounts creates unnecessary risks. When one account gets hacked, the intruder gains access to the other accounts as well. Worse still, about 25% of people use five or fewer passwords during their entire online lives.
Recovery Nightmare.png

Secure Login Screen (2).png

Suffering a security breach is no longer a matter of if but when.  Right now, there's no certainty that any of your passwords haven't been compromised already. Reset and recovery every few weeks is now a necessary routine.

Usernames and passwords are fundamentally flawed, so adding two-factor or multiple factors of authentication is a quick fix at best. WWPass doesn't just offer industry-proven encryption in a segmented data structure; we actively utilize the correct factors of authentication. Without relying on exploitable and simple character strings to log you in, you're sealing the biggest cracks in your security foundation.

Check out our whitepaper for more info

MultiFactorAuthenticationGraphicII-768x713.png
PassKey QR Authentication 1

Access to your data is possible only when two keys are present: your PassKey, and the encryption key in WWPass.
Scan QR Code

These two keys will always be separate until authentication.
Distributed Data Storage PassKey

Data is then encrypted, fragmented, and finally stored in multiple geographically-dispersed locations.

How it Works

The user always holds the first key while the service provider (a website or an application) has the second. For each key pair, a unique data set is associated. In other words, each key pair “opens” a data container specific for a particular combination of a user and a service provider. All data containers are independent and completely isolated. WWPass authentication can handle an unlimited number of users, and each user could access any number of applications with a single key.

Security

For specific applications, user data is stored in one location in an encrypted form, while encryption keys are stored in WWPass distributed storage. Twelve data storage nodes that store encrypted fragments of the encryption keys are hosted on WWPass owned and operated servers in ISO 27001 and ISO22301 certified co-location facilities.

Application

One of the most popular applications of the WWPass technology is user authentication without usernames and passwords. This approach eliminates the most popular types of hacker attacks, based on compromised credentials. The only way to “open” the credential storage is when both keys are present. Then the credential data is submitted to Service provider for future authentication.

WWPass for Developers

If you're a developer, you can add WWPass authentication to your site today with our step-by-step integration guides.

Get Started ›