Keyri offers a comprehensive suite of passwordless authentication methods to cover the full user journey, from registration to login.
- EchoGuard authentication methods are designed to be familiar user experiences
that are secure, easy to implement, and ideal for onboarding new users.
- Email Magic Link - An email containing a link with a secret query parameter is send to the user's email address. The user clicks the link to authenticate.
- Reverse SMS - An SMS message containing a secret is drafted for the user. The user taps a button or scans a QR code to send the message to Keyri. This reversed process is secure, easy to use, and cost effective compared to traditional SMS OTP strategies.
- Cryptographic Mobile Authentication - A cryptographic key pair is established on the user's mobile device and stored in its Trusted Execution Environment. It is used to generate a cryptographic signature that is sent to your server for verification against the user's public key. This mechanism can be used after a biometrics check for a seamless passwordless MFA process, or it can be run in the background to provide continuous authentication.
- QR Authentication - A QR code is displayed the user's laptop, desktop, or smart TV. The user scans the QR code with their mobile device (that has your mobile app installed in it) to authenticate. This system uses the same cryptographic verification flow as the mobile app authentication method.
- Passkeys (WebAuthn) - A modern standard passwordless authentication system. Key pairs are established on the user's device and stored in its Trusted Execution Environment. The private key is used to sign a challenge from the Keyri server, and the public key is used to verify the signature. Keyri enhances the Passkey system by adding a QR authentication system that allows users to authenticate on a device that does not support WebAuthn or in situations where the user has Passkey credentials on their mobile phone but not on their laptop or desktop and is having issues with Bluetooth.