More than just advanced authentication technology
Traditional Login Pitfalls
User’s identification and verification are based on a vulnerable combination of usernames and passwords, a "something you know” factor.
What's wrong with usernames?
- People use the same username — which is often their email address for many accounts
- For web-based cloud applications, a well-known email address is an easy entry point for hackers
What's wrong with passwords?
- The majority of people use 3 to 5 different passwords to protect all accounts
- Websites receive plaintext password values during authentication, which is a fundamental flaw of the most commonly employed password verification schemes
What's wrong with traditional 2nd-factors
Traditional 2nd-factors like OTP, SMS and others are often used as additional user verification. In reality, this only verifies a user if they have the device or account on-hand.
Traditional 2nd-factors are:
- Based on usernames and passwords
- Not always secure
- Difficult to recover
- Inconvenient for end-users
- Not universal
- Poorly scalable
No Usernames, No Passwords —
No Phishing, No Identity Theft
Traditional Login with 2FA
- User Identification is always a starting point of a login
- "Something you know" factor
- Created by the user and stored by a website/application
- Need to be protected with 2nd Factor
- Not convenient, not always secure
WWPass Login without Username and Password
- No Usernames, No Passwords
- User Identity is the result but not a starting point of login
- "Something you have" factor
- PUID (Protected User Identifier) is a random number created by the website/application, assigned to the user, stored in the encrypted form by WWPass
- Universal, convenient and very secure
Protected User Identity — PUID
WWPass creates user identification based on PUID, which is a unique string of randomly generated numbers attributed to a particular service.
Encrypted and distributed
All PUIDs stored by WWPass are always dispersed and client-side encrypted at rest and in transit.
WWPass stores all digital identities in a number of datacenters. No single datacenter stores enough information to decrypt data.
WWPass login — How does it work?
Users don't send any credentials to WWPass or applications, which means credentials cannot be stolen. All cryptographic operations take place on the user's device.
Start of Login with WWPass Key
A user presents a WWPass Key to log into a website or an application
Key identification and verification
WWPass authenticates both the Key and the application. Once authenticated, WWPass combines the Key and the application to create a pointer to a unique data container located in the geographically-distributed WWPass Network.
Supply of user identifier — PUID to Service Provider
WWPass sends the information stored in the data container to the application via a secure communication channel.
User identification and authorization
The application verifies the information received from WWPass and logs in the user. The user's identity is non-transparent to any potential attacker.