You get no second chances with cryptocurrencies. It's real money, it's typically just one mistake away from theft, and the bad guys are after it. They attack you, and they attack your customers. CryptoPhoto protects both.
CryptoPhoto does 3 simple things, but it does them with the world's highest-rated security strength: NIST SP800-63-3 "AAL3" - that's 2 full assurance levels stronger than legacy ideas like 2FA and passwords, yet CryptoPhoto is fast, easy, and fool-proof.
Authentication, signing, and key-provisioning are just part of the picture; they require secure enrolment that is fast and easy for users to set up, they require fool-proof self-service
and secure handling for lost devices and end user maintenance, and they require a dedicated architecture that ensures there is no single-point-of-failure throughout.
CryptoPhoto provides it all, because there is no point having excellent security, if hackers can simply bypass it by scamming staff or users, exploiting recovery mechanisms, breaking in to your servers, or writing malware.
In NIST terms, "Verifier Impersonation Resistance" is an absolute requirement to ensure a "very high confidence that the claimant controls authenticator(s) registered to the subscriber".
In simple terms, it means that users cannot be tricked.
CryptoPhoto accomplishes this with the world's fastest AAL3-graded user experience: your service proves it's authenticity to your users by presenting them with a one-time random photograph, and the users
complete their login by tapping the matching photo on their CryptoPhoto-Device.
This is easy, requires no training, and takes on average just 2 seconds. Importantly - it means that if any kind of scam is in play, your users simply cannot be tricked: there's no way a bad guy can ask them for their login, and there's no way the customer could give it to them if they did (the one-tap sends the digitally signed EOTP authentication direct to your authentication endpoint, and never to any impostor).
Malware is everywhere, and even the world's strongest authentication is not going to stand in the way of malware, however, transaction-signing does.
CryptoPhoto provides a "one line change" upgrade to any interface you offer, which solicits real-time out-of-band confirmation direct from the real user, making it beyond clear to your users when an
injected transaction or malware-altered-instruction arrives.
In addition, CryptoPhoto provides real-time no-false-positive alerting of attacks, including malware, against your system. The instant any customer observes an attack, CryptoPhoto protects them, but also informs you immediately.
If bad guys target your users or systems, we stop them, and you'll know the instant they mount their attack
The safest place for keys to be stored, is not on your server. CryptoPhoto provides the mechanism to store any kind of data, including wallet keys, API codes, etc, on customer devices, with clever redundancy to prevent loss, and wrapped in multiple layers of encryption to prevent their theft from either (and both) your server and your customers alike.
We additionally offer "two man rule" decryption, for extremely important keys where no single individual should own the power to use or reveal them alone.
When your servers need the keys, they make an out-of-band request which appears full-screen to the authorised operator(s), who unlock the request with their biometrics, and (if they approve), who then provision the key to your machine, typically for just one-time (if you don't store it, it cannot be stolen).
No break-in to your server can reveal any keys (they're not there). No break-in to your staff or users can steal any keys (they're at least double encrypted - first to the user's biometrics, and second to the requesting server - and in the case of multiple signatories, they are additionally encrypted by all others.).
Countless victims, and hundreds of different crypto exchanges were hacked in 2017 alone. CryptoPhoto eradicates all single-point-of-failure opportunities from your systems: our solution will probably stop you or your users or staff getting hacked, but if the worst somehow happens anyway [nobody can predict the next zero-day problem!], our solution will prevent loss from that event.
Passwords alone don't work for many reasons - they're too easy to steal from users or server databases alike, they have no resistance against scams, impostors, and phishing, and you just can't trust users to get them right. 2FA codes are exactly the same - they too are just as easy to steal from users, their keys also sit on servers and are a single break-in away from complete compromise, and they too have no resistance against scams, impostors, and phishing, and you still can't trust users to secure and not lose their phones. 2FA was invented in 1984, before the web even existed - it is far too old to be trusted, and next to useless on modern connected systems.
Keys belong in your pocket, not on a server waiting to be hacked. CryptoPhoto offers you the industry's most effective user security, but also with the industry's fastest and easiest-to-use user experience.
Protect your users and your staff against attacks on your systems and attacks on themselves, including phishing, social-engineering, and malware.
* NIST Special Publication 800-63 Revision 3
Authenticator Assurance Level 3 (AAL3) provides very high confidence that the claimant controls authenticator(s) registered to the subscriber. Authentication at AAL3 is based on proof of possession of a key through a cryptographic protocol. AAL3 is like AAL2 but also requires a “hard” cryptographic authenticator that provides verifier impersonation resistance.