CryptoPhoto Features

Protecting your site with CryptoPhoto is quick and easy.

CryptoPhoto is very easy to use
no training is required


CryptoPhoto literally blocks phishing. Potential victims cannot be tricked into revealing passwords - not by web sites, not by phone calls, and not in person.

CryptoPhoto neutralizes stolen passwords. Keyloggers and shoulder surfing are no longer useful threats to attackers or observers.

CryptoPhoto Features


  • Blocks Phishing
  • Neutralizes keyloggers
  • Is easy to understand
  • Is cheap or even free to deploy to the providing web site, or to end users
  • Can be added to existing customer materials (eg: printed on the spare space on existing bank/credit cards, included in postal mailings, etc).
  • Is durable, waterproof, needs no batteries, and doesn't expire.
  • Solves software oversights (eg: unencrypted laptop hibernation files, web breakins, etc)
  • Can function offline (eg: over a telephone)
  • Mitigates or prevents other potential user mistakes, like:
    • Telling people their password (willfully, by deception, or under duress)
    • Writing down passwords
    • Shoulder surfing
    • Password "Managers", and form fillers etc.
  • Limited attack vectors allow targets to actively identify threats in real time - most offline and hidden attacks are eradicated.
  • Looks attractive!

The CryptoPhoto API is easy to understand, easy to incorporate into your existing web site, and provides immediate and substantial security improvements.

Every token is unique - having random row and column codes (2 billion permutations) and random grids of photos (drawn from a massive stock library of hand-selected visually distinct non-controversial royalty free images).

Codes are all cryptographically secure.

CryptoPhoto tokens are all password protected, and CryptoPhoto SmartPhone APPs can also be independently passwords protected - stolen tokens or lost codes cannot be used by others.

No algorithms or seeds exist which can be used to infer or compute token security data.

2-Factor authentication


CryptoPhoto adds genuine high-security 2-factor authentication to online services. Customers use their first "factor" (their username and password) via their browser, and their second factor (their physical token or smartphone app) verifies both the customer (to the site) at the same time as verifying the site to the customer.

CryptoPhoto includes the additional protection of two-way authentication as well as the whole range of security benefits shown above.

2-Channel authentication transport


The CryptoPhoto smartphone apps all feature second-channel credential transport, protecting you against live and sophisticated phishing and man-in-the-middle attacks.

Want to know more? Please email or phone (Free call Australia) 1800 CRYPTO. We welcome all comments, questions, suggestions, or improvements.

Introducing bidirectional authentication (Phishing blocker)
a Third independent cryptographic factor


For the first time, CryptoPhoto offers legitimate web sites a means to strongly "authenticate" with users during the login process. Sites do this by showing one image to the user from from their token. Imposter sites are unable to guess images on users tokens, so this blocks phishing. ("blocks", as opposed to "mitigates", because the correct image is needed by the user to locate their row/col passcode - without the correct image, the user is blocked from accidentally logging into the wrong place, as well as alerted to the potential scam taking place)

The row and column codes are different for subsequent logins, neutralizing keylogger problems as well.

Images from the token are chosen for display to the user, such that the display order is random (true random, not any algorithm subsequent to theft, like the recent RSA breakin), and images are not repeated. Upon exhaustion, the token can either be discarded/replaced, or re-used, depending on the issuing party's or users security preferences.