More than just advanced authentication technology

No usernames
No passwords
Zero-knowledge privacy

Password-less login

Traditional Login Pitfalls

User’s identification and verification are based on a vulnerable combination of usernames and passwords, a "something you know” factor.

What's wrong with usernames?

  • People use the same username — which is often their email address — for many accounts.
  • For web-based cloud applications, a well-known email address is an easy entry point for hackers.

What's wrong with passwords?

  • The majority of people use 3 to 5 different passwords to protect all accounts.
  • Websites receive plaintext password values during authentication, which is a fundamental flaw of the most commonly employed password verification schemes.
Securely manage passwords
Securely manage passwords

What's wrong with traditional 2nd-factors

Traditional 2nd-factors like OTP, sms and others are often used as additional user verification. In reality, this only verifies a user if they have the device or account on-hand.

Traditional 2nd-factors are?

  • Based on usernames and passwords
  • Not always secure
  • Difficult to recover
  • Inconvenient for end-users
  • Not universal
  • Poorly scalable

Why don't we just get rid of usernames and passwords?

Traditional Login with 2FA

WWPass Login without Username and Password

Securely manage passwords
  • User Identification is always a starting point of a login
  • "Something you know" factor
  • Created by the user and stored by a website/application
  • Need to be protected with 2nd Factor
  • Not convenient, not always secure
Securely manage passwords
  • No Usernames, No Passwords
  • User Identity is the result but not a starting point of login
  • "Something you have" factor
  • PUID (Protected User Identifier) is a random number created by the website/application, assigned to the user, stored in the encrypted form by WWPass
  • Universal, convenient and very secure

Protected User Identity — PUID

User identification is based on PUID- random number attributed to a user, created by a Service Provider and stored by the Service Provider and WWPass.

Securely manage passwords
Encrypted and distributed

All PUIDs stored by WWPass are always dispersed and client-side encrypted at rest and in transit.

Zero Knowledge

WWPass stores all digital identities in a number of datacenters. No single datacenter stores enough information to decrypt data.

WWPass login - How does it work?

Users don't send any credentials to WWPass or applications, which means credentials cannot be stolen. All cryptographic operations take place on the user's device.

  1. Start of Login with WWPass
    Key A user presents a WWPass Key to log into a website or an application.

  2. Key identification and verification
    WWPass authenticates both the Key and the application. Once authenticated, WWPass combines the Key and the application to create a pointer to a unique data container located in geographically- distributed WWPass Network.

  3. Supply of user identifier- PUID to Service Provider
    WWPass sends the information stored in the data container to the application via a secure communication channel.

  4. User identification and authorization
    The application verifies the information received from WWPass and logs in the user. The user's identity is non-transparent to any potential attacker.

Securely manage passwords

Contact Us

Interested to see how it works for your business applications?