NoPassword – Security By Design hajysr 2017-03-07T20:47:41+00:00
NoPassword is committed to pushing industry standards and best practices forward by reimagining and re-innovating the authentication process and identity and access management.
Security By Design
No Centralized Credential Database
NoPassword is designed to perform local biometric authentication, which means mathematical models of the user’s biometrics do not leave their smartphone and are NOT stored on a centralized database. Eliminating a centralized database of credentials, such as biometrics and passwords, makes NoPassword immune to attackers who steal users’ credentials from the server.
No More Manually Entering Credentials
Users who use NoPassword biometrics do NOT manually type in any credentials, such as passwords or two-factor tokens. Therefore, keylogging, phishing, and social engineering attacks that try to spoof the user’s credentials do not apply and CANNOT be performed on the NoPassword solution.
Eliminating Chance of Remote Attacks
To access a user’s account, an intruder would need to first steal the user’s phone, then spoof that user’s biometrics, and also imitate the hidden features extracted from the user’s phone. None of these is an easy task, and each requires extensive resources. For instance, there are anti-spoofing features built into the NoPassword biometric authentication engine that prevent intruders from spoofing biometrics. In the unlikely event that an intruder manages to do so, they would compromise a single user’s access, which is not scalable and cannot be performed remotely to access thousands or millions of users’ accounts.
Self-defence and Protection
Furthermore, self-protection features are built into the NoPassword authentication mobile app and SDK that prevent any tampering or interfering with the NoPassword authentication application. NoPassword prevents running the authentication application on rooted or jailbroken mobile devices to prevent jeopardizing users’ PII and sensitive information.
FIDO UAF Certified
NoPassword is FIDO UAF Certified and complies with FIDO UAF server and client requirements. NoPassword only integrates biometric authentications that are also FIDO UAF certified. Having said that, while we believe FIDO is a good starting point for the industry, today’s enterprise requires ultimate security which is beyond FIDO’s recommendations.
Secure Biometric Authentication
Biometric raw data is converted to mathematical models through an irreversible process and the biometric raw data is deleted from the user’s device and not even stored on the user’s smartphone. The mathematical model of the biometric is then encrypted using AES-256 encryption and only stored on the user’s smartphone for future authentication purposes.
Multi-layer Encrypted Communications
A PKI model is used throughout the NoPassword solution for communication between its different components when sending authentication results. All communication throughout the NoPassword solution goes through a TLS channel. PGP encryption is always applied to messages sent and received between different points of the solution.
Secured Data in Transit, Runtime, and At Rest
Information in transit and at rest is always encrypted throughout the NoPassword solution; this includes information stored on the NoPassword server. The NoPassword application leverages whitebox cryptography techniques to utilize sensitive information stored on the user’s smartphone. Hardware modules are used to store encryption and communication keys.
Secure Authentication Process
Every time a user is successfully authenticated based on biometrics (Human Factor), NoPassword leverages its patent-pending technology to communicate with the authentication server. Communication with the server is subject to 5 layers of security.
Strong Authentication Engine
In contrast to conventional password-based authentication systems that rely on checking static credentials stored in a database, the NoPassword authentication engine uses Public Key Infrastructure (PKI) and checks the authenticity of hidden features extracted from the user’s phone, which include static and dynamic information, to successfully authenticate the user.
AI Driven Solution
Artificial Intelligence driven monitoring is an important feature of the NoPassword solution. This enables us to ensure the health of our authentication application on the NoPassword server and smartphones.
NoPassword complies with standards such as NIST 800, OWASP, ISO 27001, PCI DSS, and others. Third-party auditors regularly and continuously audit NoPassword’s operations and infrastructure to ensure the security of NoPassword services.
Continuous Code Review and Pen-testing
Continuous code review is also performed as we release new features to make sure new versions and updates of NoPassword products meet or exceed our high standard. Furthermore, NoPassword is currently going through compliance validations and certification reviews for a number of certifications and regulatory compliances.
Continuous Security Innovation
NoPassword Security is also about Privacy and Convenience
At NoPassword, we believe we are only able to improve security if the technology we develop is adopted and admired by a large number of users. This is only possible if it is easy to use and does not intrude on the user’s privacy. Consequently, privacy, security, and convenience are the three pillars of NoPassword. We watch and listen to our users, their stakeholders, and, more importantly, to industry as we constantly improve user experience. Let us know what you need; there is a high chance that we can offer it today.
Staying Ahead of the Game
The NoPassword team is made up of world-class scientists and cyber security engineers full of innovative ideas. We are at the beginning of our journey and are ready to push beyond industry standards and best practices. We are never just satisfied when it comes to security and we strongly believe there is still a lot to do to ensure we are always ahead of malicious intruders and hackers.
There is More to Come...
NoPassword takes advantage of an agile development team that improves security features and user experience throughout the NoPassword solution. You don’t need to wait for the next big update. Updates to the mobile applications, mobile SDKs, web applications, universal directories, and the NoPassword authentication engine are released monthly, without interrupting users. Enterprises taking advantage of our SaaS and Cloud services will automatically receive new features.