Passwordless Web Authentication

Seamless for Users | Deployed in Hours

An intelligent new approach to Passwordless Web Authentication that is invisible and frictionless for users. The seamless experience makes it 10-100x faster to deploy than other solutions, requiring . . . . (i) No client software or user setup, (ii) No change management, and (iii) No backend system changes.

Seamless User Experience

No client software or user setup

No change management

No backend system changes

Simple, Low-Cost Deployment

(10-100x faster than other solutions)

MasterKey meets the most advanced standards for Zero-Trust networks and Zero-Trust devices.
It implements the WebAuthn/FIDO2 standard without any system development.

Clientless Webserver-Controlled Architecture

A New Protocol for Authentication and Authorization

The genius of MasterKey is that it requires no client software for users to install or setup. Centrally controlled by the webserver, it is deployed instantly to all users at scale and activates the webserver’s intelligence to co-create a unique triangulation formed between the webserver, user, and their mobile.  The system secures the input, storage and recall of credentials and other factors to authenticate users, and authorize transactions.

There are three component technologies: (i) Encrypted Invisible Keyboard, (ii) Passwordless Web Authentication, (iii) MFA in 1-step (not 2 steps).

New MasterKey Homepage Imagery Clientless Section Encrypted Keyboard

Encrypted Invisible Keyboard

User credentials are captured (or generated) in a double-encoded and encrypted system.

The webserver harnesses the mobile phone’s browser to create the illusion (graphical proxy) of a keyboard. Cells on the screen generate encoded references that can only be interpreted by the webserver which set it up a moment earlier. No characters exist locally so the information cannot be intercepted and deciphered. Instant onboarding of new users can be facilitated by auto generating credentials so users never see a keyboard.

Icon 02 BankVault MasterKey Homepage Imagery Encode Encrypt

Passwordless Web Authentication

Credentials captured and stored by the system are retrieved to create the Passwordless experience. 

The information that was captured by the Encrypted Invisible Keyboard can only be retrieved and deciphered when all elements of the original triangulation are in place, and initiated by the users mobile.

Icon 03 BankVault MasterKey Homepage Imagery Triangulation

MFA in 1-Step (not 2 steps)

The credentials can only be reconstituted inside the webserver, when the original triangulation is initiated by the user’s mobile, and if WebAuthn is enabled, by the user providing their proof-of-presence.  (Biometric, Screen swipe, PIN, etc.). The experience is simply invisible.

Zero Trust Networks

Zero Trust Devices

keyboard icon

Sidestepping the Attack-Surface

99% of cyber-attacks target devices (PCs and Smartphones).The goal is identity theft to take over online accounts and steal money, redirect financial transactions or access private data. Credential are easily intercepted by keyloggers or a Man-in-the-Browser attack. MasterKey sidesteps the device, providing no attack-surface for hackers. Credentials never hit the user device or network.

Zero Trust Networks

MasterKey meets the most advanced expectations of Zero-Trust networks.

Devices capturing information from users are first encoded and the data captured is then double encoded and encrypted with AES-256, Current technology would requires billions of years to decrypt this and would only then reveal context-less meaningless encoded data.

Whether “Cloud Hosted” or “On-Prem”, nothing can intercept and decipher the information flowing through the system. 

The protocol ensures that only the webserver, with the security keys it generates, can decipher the information when triangulated with the users mobile, and optionally their proof-of-presence.  

At no other point within the system is there enough information to decrypt and decode, other than inside the webserver.

Zero Trust Devices

MasterKey’s security posture assumes every device is already compromised.

The system projects a security protocol that sidesteps any malware or non-malware, allowing users to authenticate themselves or authorize transactions.

It sits comfortably alongside existing monitoring and detection software on users devices without interference.

FIDO2 / WebAuthn

MasterKey is an implementation of the WebAuthn / FIDO2 standard.

It enables organizations to deploy WebAuthn overnight, without any system development or data migration. 

The Danger Of Not Taking Action

Users are scared of Identity Theft and minimize their engagement with businesses that do not protect them. Companies that care to protect their users are trusted and rewarded with greater engagement. Companies that fail to provide essential WebSecurity fall. Their reputation tanks. Users flee. MasterKey provides strong WebSecurity and involves virtually no expertise and time to deploy. It delivers the ultimate Passwordless experience. Smooth and Intuitive.

You could be running a WebSecure business by the end of the week.
What’s holding you back?

Icon 04 BankVault MasterKey Homepage Imagery Strong WebSecurity

Access to Strong WebSecurity

For any company caring to secure users, MasterKey is a no-brainer.

Icon 05 BankVault MasterKey Homepage Imagery Point Solution

Point Solution
for IAM

For organizations bogged down in ‘Identity and Access Management’  transformations, MasterKey can be implement immediately.

Icon 06 BankVault MasterKey Homepage Imagery Upgrade from Password

WebSecurity 101 for small businesses

A SaaS subscription and simple deployment, involving no barriers, makes MasterKey accessible even to smaller businesses that typically do not have the resources to deploy new Authentication solutions.