CryptoPhoto is a fast and easy-to-use multi-featured authenticator with AAL3-grade high security, transaction signing, and crypto-key provisioning features. It replaces legacy 2FA and other ineffective security tools and gadgets and can optionally and safely eradicate the need for passwords.
Human-factor exploits account for 9 out of every 10 cyber incidents. CryptoPhoto is the first authentication solution which extends protection to humans themselves.
Our technology uses a simple technique for mutual-authentication, which actively prevents staff and students from falling prey to credential theft, account takeovers, scams, or tricks. In NIST-SP800-63-3 language, we implement effective “verifier impersonation resistance” for logins, which is why CryptoPhoto is two full assurance levels stronger and more effective than other authentication add-ons like 2FA OTP, Fido gadgets, SMS, or biometrics.
Other threats besides humans still exist, most of which CryptoPhoto also address. We support out-of-band digital signing of transactions to overcome malware and other RATs, we separate identity from authentication to overcome serverside break-in risks, we implement trusted certificates over (and despite) TLS to defeat sophisticated man-in-the-middle attacks including rouge CAs, certificate substitution, or illegitimate certificates, we provide two-man-rule authentication-appliance administration to eliminate single point of failure risks among operator staff, we provide heavy and effective appliance self-defence against intrusion, DoS, compromise, backdoors, and we offer cryptographically secure mechanisms capable of safely enrolling a new user with CryptoPhoto even if that user is operating from an already-compromised environment.
The education industry is possibly the world’s most difficult cyber-security challenge.
Vast numbers of machines physically accessible by large numbers of users make many challenges seem impossible to contain, like hardware keyloggers, undetectable RATs (remote-access trojans), shoulder-surfing and video-surveilled credential-theft, rogue wifi, $10 SDR cellular interception, and IoT or other MitM.
Social-engineering against staff and students is incredibly easy to perform in the typically relaxed and friendly atmosphere of the institution. Victims can be easily tricked or personally guided into credential theft and Trojan-install scenarios, staff can be duped via impersonation or other methods, and unauthorised credential resets facilitate exceedingly simple bypass of existing security controls. Collaboration is usually encouraged, but students often take this too far, making it difficult to prevent cheating, gaming of attendance and registration systems, manipulation of voting, and other mischief that talented young hackers get up to.
CryptoPhoto solves all these challenges, with the industry’s highest-strength, yet also fastest and easiest solution.
We believe that the most important improvement authentication can offer is user experience. It needs to be both easier, and faster, than what you’re already doing to ensure it receives the widest possible acceptance and respect.
CryptoPhoto supports a wide range of existing popular products right out of the box, and integrates easily and rapidly for any bespoke purpose using our simple API and/or SDK with extensive online help, interactive training, code samples, and free training. Our installation guide can secure practically any use case in as little as an hours effort, and that includes complete and secure handling of customer enrolment, management, and loss-handling etc, as well as authentication and signing. CryptoPhoto is designed to be fully self-service, despite its AAL3 high-security.
Our administration console provides real-time metrics, as well as user management features, however, CryptoPhoto is designed to prevent staff social-engineering and user-account bypass, so there is typically no need to perform user administration duties: this is securely managed by the end users themselves in almost all situations.
Build your own solutions - CryptoPhoto's high-security API easily drives any use case that needs a great user experience with strong user protection.