More than just advanced authentication technology
Traditional Login Pitfalls
User identification and verification are based on a vulnerable combination of usernames and passwords, a "something you know" factor.
What's wrong with usernames?
What's wrong with passwords?
- The majority of people use 3 to 5 different passwords to protect all accounts.
- Websites receive plaintext password values during authentication, which is a fundamental flaw of the most commonly employed password verification schemes.
What's wrong with traditional 2nd-factors?
Traditional 2nd-factors like OTP, SMS and others are often used as additional user verification. In reality, this only verifies a user if they have the device or account on hand.
Traditional 2nd-factors are?
Why don't we just get rid of usernames and passwords?
Traditional Login with 2FA
- User Identification is always a starting point of a login
- "Something you know" factor
- Created by the user and stored by a website/application
- Need to be protected with 2nd Factor
- Not convenient, not always secure
WWPass Login without Username and Password
- No Usernames, No Passwords
- User Identity is the result but not a starting point of login
- "Something you have" factor
- PUID (Protected User Identifier) is a random number created by the website/application, assigned to the user, and stored in encrypted form by WWPass
- Universal, convenient and very secure
Protected User Identity — PUID
User identification is based on the PUID, a random number attributed to a user, created by a Service Provider and stored by the Service Provider and WWPass.
Encrypted and distributed
All PUIDs stored by WWPass are always dispersed and client-side encrypted at rest and in transit.
WWPass stores all digital identities in a number of datacenters. No single datacenter stores enough information to decrypt data.
WWPass login - How does it work?
Users don't send any credentials to WWPass or applications, which means credentials cannot be stolen. All cryptographic operations take place on the user's device.
Start of Login with WWPass
A user presents a WWPass Key to log into a website or an application.
Key identification and verification
WWPass authenticates both the Key and the application. Once authenticated, WWPass combines the Key and the application to create a pointer to a unique data container located in the geographically distributed WWPass Network.
Supply of the user identifier (PUID) to the Service Provider
WWPass sends the information stored in the data container to the application via a secure communication channel.
User identification and authorization
The application verifies the information received from WWPass and logs in the user. The user's identity is non-transparent to any potential attacker.