Odoo ERP – MasterKey Connector for Passwordless Authentication
What is MasterKey?
An intelligent new approach to Passwordless Authentication that is invisible and frictionless for users. The seamless experience achieves MFA in one step and is 10-100x faster to deploy than other solutions. There is (i) No user software or setup, (ii) No change management, and (iii) No backend system changes.
For users: Passwordless provides seamless access to online services which increases engagement and productivity. They no longer need to remember or enter credentials.
For hackers: Passwordless makes it incredibly difficult to take over users' online accounts, redirect financial transactions, or steal data.
No technology risk: There is no single point of failure because users can still log in as normal if they need to.
No security risk: The user no longer enters credentials through the weakest point of the network, their device. Authentication is now controlled by the Odoo web server.
The system includes a security feature to automatically log out inactive user sessions. The timeout is set by the administrator.
MasterKey is available in 1, 2 or 3-Factors of Authentication:
- 1st Factor of Authentication (User credentials)
- 2nd Factor of Authentication (Device Signature) *
- 3rd Factor of Authentication (Biometrics/FIDO2) *
* Available via upgrade in the next release
How does it work?
MasterKey is a SaaS security solution developed and hosted by the cybersecurity innovation team at BankVault.com.
It harnesses the user's mobile phone to authenticate, but does this without any user software or setup and so is invisible to users. It can provide up to 3 Factors of Authentication, which is far more secure than just a username + password.
The system is based on a new Decentralized Web Protocol. Three (3x) security secrets (a temporary one generated by the webserver, a semi-persistent security secret generated by the user's mobile, and a permanent security secret generated by the MasterKey infrastructure) combine to double-encode and encrypt information entered by the user, such as login credentials.
The genius behind the protocol is a two-stage process that uses these secrets but never requires them to be released. The user's information can only ever be deciphered by the webserver when initiated by the mobile.
- On mobiles, Odoo prompts the user and logs straight in.
- On workstations, the user scans a QR code with their phone camera. Odoo prompts and the workstation logs in.
Passwordless Authentication is deployed in 5 minutes and meets the most advanced expectations for Zero-Trust networks and Zero-Trust devices.
It delivers an immediate ROI.
DEPLOY IN 5-MINUTES
(FREE 14 day Trial)
Step 1 – Get the Connector
Step 2 – Activate Your FREE 14-day Trial
Step 3 – Insert your API Key
Log into Odoo as your site Administrator:
- Select Settings, then “BankVault MasterKey”
- Insert your secure activation code (API Key)
- Set the inactive user session timeout, e.g. 30 minutes.
- Save your new settings.
You can test drive MasterKey in a fully operational work environment with no restrictions for 14 days free of charge.
- There is no technology risk because there is no single point of failure – users can still log in with their normal credentials if the system fails or can’t present a QR code.
- There is no security risk because this is the user's normal input, now controlled by the Odoo webserver, so the user credentials are no longer entered into their local PC/smartphone (the most vulnerable part of any network). The credentials are captured in a decentralized protocol using secrets generated by the user's mobile and the web server creating the login page. They can only be deciphered by the Odoo webserver, which never releases its security secret.
After the 14-day free trial, you can continue using the service by paying a subscription fee, either monthly or yearly. Near the end of the 14-day trial you will receive an email with a web link allowing you to choose a license matching the band of active user devices for your system.
The system is provisioned in user bands matching the infrastructure needed to support the number of users (unique mobile phones) connecting each month. Excess users will receive gentle warnings and then be unable to log in using MasterKey. Users are never locked out because they can go back to the original Odoo login screen, but this reverts backward, undermining the security model and creating user confusion and friction.
If your site operates more than 50 user devices or if you wish to discuss a custom requirement, then please speak with us. Implementation choices are available with deployment costs trending to nil.
Licensed up to 5 users ($2 / user-month)
or $15 / month
Licensed up to 15 users ($1.33 / user-month)
or $26 / month
Licensed up to 50 users ($0.80 / user-month)
or $52 / month