At Haventec our approach is to never store any user secret or private encryption key anywhere.
Instead, Haventec Authenticate decentralises your access across 3 different locations:
- Your PIN, known only to you; it is never saved or stored anywhere
- Your device holds an authentication secret that is unique to your device
- Authenticate holds a secret and a lock; both are unique to you and your device
How we authenticate you
- You enter your PIN into your device and the PIN is encrypted
- Your encrypted PIN and device secret are sent to Authenticate
- Using Haventec’s algorithm, the 2 secrets (your device’s and Authenticate’s) and your encrypted PIN are recombined to create your single-use private key
- Authenticate uses this key to unlock your access, then the key and lock are destroyed
- Authenticate then creates a new pair (key and lock) for the next use
- The new access key and your encrypted PIN are encrypted using Haventec’s algorithm to create 2 new secrets – the key and PIN are destroyed immediately
- Your new secret is sent to your device (it is not stored by Haventec) ready for your next authentication
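The single-use, three-part flow in the steps above, as an added Python model that is not Haventec's code or algorithm: the HMAC/SHA-256 derivation, the `AuthenticateServer` class and the user `alice` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed illustration of a three-part, single-use scheme.
# NOT Haventec's algorithm; the derivation below is an assumption.

def pin_digest(pin: str) -> bytes:
    """Stand-in for the 'encrypted PIN' the device sends; the raw PIN never leaves the device."""
    return hashlib.sha256(b"pin:" + pin.encode()).digest()

def derive_key(pin_dg: bytes, device_secret: bytes, server_secret: bytes) -> bytes:
    """Recombine the three parts into a single-use key (HMAC used as an illustrative KDF)."""
    return hmac.new(server_secret, device_secret + pin_dg, hashlib.sha256).digest()

def make_lock(key: bytes) -> bytes:
    """The 'lock' is a verifier of the key; the key itself is never stored."""
    return hashlib.sha256(b"lock:" + key).digest()

class AuthenticateServer:
    """Holds only (server_secret, lock) per user: no PIN, no device secret, no key."""
    def __init__(self):
        self.records = {}

    def _rotate(self, user_id: str, pin_dg: bytes) -> bytes:
        # Fresh secrets and a fresh lock; the PIN digest is used transiently and dropped.
        device_secret = secrets.token_bytes(32)
        server_secret = secrets.token_bytes(32)
        lock = make_lock(derive_key(pin_dg, device_secret, server_secret))
        self.records[user_id] = (server_secret, lock)
        return device_secret  # only the device keeps this

    def enrol(self, user_id: str, pin_dg: bytes) -> bytes:
        return self._rotate(user_id, pin_dg)

    def authenticate(self, user_id: str, pin_dg: bytes, device_secret: bytes):
        """Return the next device secret on success, None on failure."""
        server_secret, lock = self.records[user_id]
        key = derive_key(pin_dg, device_secret, server_secret)
        if not hmac.compare_digest(make_lock(key), lock):
            return None
        return self._rotate(user_id, pin_dg)  # single use: old key and lock are now useless

def demo():
    server = AuthenticateServer()
    dev1 = server.enrol("alice", pin_digest("1234"))
    dev2 = server.authenticate("alice", pin_digest("1234"), dev1)    # success, rotated
    replay = server.authenticate("alice", pin_digest("1234"), dev1)  # stale device secret: rejected
    wrong = server.authenticate("alice", pin_digest("9999"), dev2)   # wrong PIN: rejected
    return dev2 is not None, replay is None, wrong is None
```

A captured device secret is only useful until its next successful use, which is the single-use property the steps describe.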
With Authenticate there is nothing for a cyber-attacker to steal since you are the only one who knows your PIN.
This provides a much stronger mechanism than traditional two-factor authentication.
Single-use authentication keys also protect against common attacks such as phishing, shoulder surfing, social engineering, password cracking and malware keylogging – because they can’t be reused.
No more passwords
Most authentication systems rely on the outdated username + password model to confirm a user is allowed access.
These systems often also rely on a central store of user credentials to cross-check authentication – and these central stores are very attractive targets for hackers. If a hacker can crack the master list, they can compromise multiple accounts.
Too many people are also careless with passwords and don’t bother creating ‘strong’ passwords. And they reuse a small collection of favourite passwords for everything from their email to business systems, social media and payment gateways.
Reusing passwords makes it easy for hackers to compromise multiple accounts once they’ve stolen a list of passwords.
But what about password managers?
Often people who use a password manager on a device aren’t smart about securing access to the device itself. Again, this behaviour creates a central store of passwords, which once cracked allows the attacker to compromise multiple accounts.