Secure Login, Without Usernames and Passwords
The era of password-less authentication is about to begin.Demo
The password is officially dead...they just don't meet the challenge for anything you really want to secure.Bill Gates, 2004
Usernames and Passwords Are the Flaws in Your Security
The most successful hacks go after passwords and people. There are many solutions, but moving away from usernames and passwords as your primary authentication will stop even the most clever attacks.
An attempt to disguise an email or website as a trustworthy entity, tricking users into giving up information.
A common email scheme targets company email accounts in attempts to either disrupt the network or steal valuable data. With an open rate of 30%, this is the most successful method of stealing login info.
Usually an automated attack that allows unauthorized intrusion through systematic trail-and-error.
Guessing will eventually work: Passwords like '123456' and 'password' barely require any snooping. Beyond that, programs called password crackers systematically try all possibilities. Both styles of intrusion are why passwords without strong additional factors of authentication have to go.
Man in the Middle
Rogue interception of usernames and passwords through scam or identity theft.
Hackers have developed multiple effective strategies to steal user information. Whether they impersonate users or a company rep, a well-run scam will eventually. Email and text messages can also get intercepted through various schemes, allowing password extraction through the communication.
attackers gain access to stored copies of user passwords on servers.
These intrusions often go unnoticed, meaning your password on a major company's website will never be truly safe. Password-less login with an asymmetrical authentication system means you never have to worry about server-side breaches.
Memorable Passwords are Worthless
81% of confirmed data breaches are from weak/default/stolen passwords.
The list of the top ten worst passwords rarely changes from year to year. The fact that this list of common passwords even exists indicates most users either don't care or don't know about the vulnerabilities of weak or default passwords.
The Domino Effect
71% of people use the same passwords across multiple accounts.
Sharing passwords across multiple accounts creates unnecessary risks. When one account gets hacked, the intruder gains access to the other accounts as well. Worse still, about 25% of people use five or fewer passwords during their entire online lives.
Data Breaches Aren't Going Away
40% of people suffer some form of security breach each year.
Suffering a security breach is no longer a matter of if but when. Right now, there's no certainty that any of your passwords haven't been compromised already. Reset and recovery every few weeks is now a necessary routine.
The WWPass Network
Encryption, Fragmentation, Dispersion.
Usernames and passwords are fundamentally flawed, so adding two-factor or multi-factor authentication is a quick fix at best. WWPass doesn't just offer industry-proven encryption in a segmented data structure; we actively utilize the correct factors of authentication. Without relying on exploitable and simple character strings to log you in, you're sealing the biggest cracks in your security foundation.
Check out our whitepaper for more info
Our architecture provides password-less authentication and reliable storage of critical information.
Access to your data is possible only when two keys are present: your WWPass Key, and the encryption key in WWPass.
These two keys will always be separate until authentication.
Data is then encrypted, fragmented, and finally stored in multiple geographically-dispersed locations.
How it Works
The user always holds the first key while the service provider (a website or an application) has the second. For each key pair, a unique data set is associated. In other words, each key pair “opens” a data container specific for a particular combination of a user and a service provider. All data containers are independent and completely isolated. WWPass authentication can handle an unlimited number of users, and each user could access any number of applications with a single key.
For specific applications, user data is stored in one location in an encrypted form, while encryption keys are stored in WWPass distributed storage. Twelve data storage nodes that store encrypted fragments of the encryption keys are hosted on WWPass owned and operated servers in ISO 27001 and ISO22301 certified co-location facilities.
One of the most popular applications of the WWPass technology is user authentication without usernames and passwords. This approach eliminates the most popular types of hacker attacks, based on compromised credentials. The only way to “open” the credential storage is when both keys are present. Then the credential data is submitted to Service provider for future authentication.
WWPass for Developers
If you're a developer, you can add WWPass authentication to your site today with our step-by-step integration guides.