Passwordless MFA System: Proof of Concept

Highlights

In 2018, Identité, an American seed-funded startup in authentication solutions, turned to PSA for turnkey product development, from concept finalization to deployment and further support. The product idea was a passwordless registration and authentication system that was expected to be the easiest to use and the most secure on the market.

Challenge

Customer Challenge

Implement a passwordless authentication solution in the most secure way to capitalize on it.

Project Objective

Create the easiest and most secure passwordless authentication and registration tool suitable for versatile use.

Solution

To validate and finalize the idea of a passwordless authentication tool, PSA conducted research on how to implement authentication that is ultimately secure without a password. As a result, we invented a method we called Full-Duplex Authentication®, which allows for verification of all sides of the interaction – both the services and the users. Thus, we have introduced a new authentication standard and created intellectual property in the form of a written patent. The simplified version of the method looks like this:

  1. Generating a one-time password on the authentication server

  2. Providing the generated password to the user device and the web portal

  3. Verification of passwords displayed on the portal website and on the user device
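
The three steps above can be sketched as follows. This is an added example, not NoPass code or the patented method: the `AuthServer` class, the 6-digit code, the 60-second lifetime and the single-use rule are all assumptions made for illustration.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 60  # assumed lifetime; the page does not state one


class AuthServer:
    """Hypothetical stand-in for the authentication server in steps 1-3."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # session_id -> (login, code, expires_at)

    def start_login(self, login):
        """Step 1: generate a one-time code for a new login session."""
        session_id = secrets.token_urlsafe(16)
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        expires_at = self._clock() + CODE_TTL_SECONDS
        self._pending[session_id] = (login, code, expires_at)
        # Step 2: the same code is delivered to the portal page and the device.
        return session_id, {"portal": code, "device": code}

    def confirm(self, session_id, code_on_portal, code_on_device):
        """Step 3: accept only if both displayed codes equal the issued one."""
        # pop() makes the code single-use, even when the check fails.
        entry = self._pending.pop(session_id, None)
        if entry is None:
            return False
        _login, issued, expires_at = entry
        if self._clock() > expires_at:
            return False
        # Constant-time comparison avoids leaking how many digits matched.
        return (hmac.compare_digest(issued, code_on_portal)
                and hmac.compare_digest(issued, code_on_device))


if __name__ == "__main__":
    server = AuthServer()
    sid, shown = server.start_login("alice")  # constructed sample login
    print("codes match:", server.confirm(sid, shown["portal"], shown["device"]))
    print("replay accepted:", server.confirm(sid, shown["portal"], shown["device"]))
```

A page that did not receive the code from the server cannot display the value the device shows, so the comparison in step 3 fails for it; the expiry and single-use checks keep a captured code from being reused later.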

To provide the ultimate security level of the solution, we implemented the concept of Multi-Factor Authentication (MFA): by login, secure token (one-time password), and biometrics. The whole authentication concept was this: with minimal typing or actions, a user could quickly register and authenticate with 3 factors – something they knew, something they had, and something they were. It was decided to call the solution NoPass®.

In parallel with this, we conducted detailed market research to ensure the business value of the prospective tool and to identify market niches in which to propose it. Thus, we delivered a concept of 3 separate products to be developed:

  • NoPass Consumer – for marketplaces to authenticate consumers,

  • NoPass Employee MFA – for companies’ workers' authentication,

  • NoPass Employee SSO (Single-Sign-On) – for authentication in various systems within one portal. 

In addition, we provided the client with the concept of NoPass SDK – a software development kit that allows for building the NoPass multi-factor authentication into the existing mobile applications. With NoPass SDK, you keep the user from having to install an additional app on their smartphone that performs authentication.

The first PoC (Proof of Concept) of the NoPass product was a demo portal called PerShop that we connected to the NoPass server. Our applications accomplished the task of simple and secure passwordless user registration and authentication.


Development Included

  • Functional requirements definition
  • Researching modern authentication standards
  • API documentation
  • Deployment guide creation
  • SDK architecture documentation
  • StoryBoard creation
  • POC delivery

Result

  • The invented method of passwordless authentication eliminates man-in-the-middle, spoofing, and phishing attacks

  • The patent was created and registered

  • A stable income was expected after 1 year

Technology Breakdown

Industry
Project size
  • 5 people
Duration
  • 6 months

Further Cooperation

After delivering the initial concept, the PSA team moved further to development in order to enter the market with the simplest and the most secure authentication tool.
