The genius of MasterKey is that there is no client software for users to download, install and setup, unlike other solutions. Centrally controlled by the webserver, it can be deployed instantly and scaled to any size user base (or sub-set). MasterKey activates the Webserver intelligence to co-create a system based on the unique triangulation formed by the User, Mobile and Webserver. This System secures the original input, storage and recalls of credentials.
When initiated by the user’s mobile, the Webserver harnesses the phone browser to create a once-off Encrypted Keyboard (graphical proxy). Users enter their credentials once which generates unique encoded cell references. No characters exist locally so even on a compromised zero-trust device or network, nothing can intercept and decipher the credentials.
The credentials, as they enter and flow through the network, are double-encoded-and-encrypted, making it impossible to decipher if intercepted. The data has no context or meaning without all the components of the original triangulation that co-created it.
The credentials can only be reconstituted inside the webserver, when the original triangulation is initiated by the user’s mobile, and if WebAuthn is enabled, by the user providing their proof-of-presence. (Biometric, Screen swipe, PIN, etc.). The experience is simply invisible.
99% of cyber-attacks target devices (PCs and Smartphones).The goal is identity theft to take over online accounts and steal money, redirect financial transactions or access private data. Credential input is easily intercepted by keyloggers or Man-in-the-Browser attacks. MasterKey sidesteps the device, providing no attack-surface for hackers to steal credentials. Credentials never hit the device.
Users gain seamless access and never need to enter credentials again. On mobile/tablets, the system recognizes the user device and simply logs them in. On workstations the user just waves their phone over the screen. Instant secure access. If the WebAuthn option is activated then the user is also prompted to give their Proof-of-Presence
Until now, the only solution to credential theft was 2FA. This is a valid option but typically a last resort because it is clumsy for the user, it adds to the support burden, and it can still be defeated by a Man-in-the-Browser attack. The adoption of MasterKey is totally intuitive to users as there’s no pre-requisite setup and its use is seamless.
MasterKey provides Multi-Factor Authentication in a way that’s completely invisible to the user by enabling 3 levels of identification: ‘something you know’ (credentials) ‘something you have’ (mobile), and ‘something you are’ (biometric scan, screen pattern, local device PIN etc.). Strong security is achieved in 1-invisible-step (not 2 steps).
For any company caring to secure users, MasterKey is a no-brainer.
For organizations bogged down in ‘Identity and Access Management’ transformations, MasterKey can be implement immediately.
A SaaS subscription and simple deployment, involving no barriers, makes MasterKey accessible even to smaller businesses that typically do not have the resources to deploy new Authentication solutions.
USA
Australia