What is Tento?
Tento uses visual cryptography to hide one-time passwords in a user token stored in the user’s mobile phone. These tokens are called TentoIDs. Each TentoID is different and we can produce trillions of them, so they can be used to uniquely identify the entire web user population – like web-based DNA. Every TentoID token is capable of producing up to 4 million different 4-character OTPs.
Our technology can replace a remembered password where one-factor authentication (1FA) is required
It can supplement a conventional static password to provide true two-factor authentication:
– “something you know” (static password) and “something you own” (TentoID in your phone)
– suitable for banking-grade logins and card-not-present payment approvals
How it works
We have developed software which can produce millions of one-time use (OTP) biometric passwords. The human eye is able to read the passwords produced by the app but even the phone that displays the password is not able to read it. As a two-factor authentication device, the user uses a complex static password, of the type usually required by banks, followed by a TentoID OTP. Tento can also provide a convenient password reminder for the static password.
When customers or clients register with a website that uses Tento Authentication, they get a QR-code that contains their TentoID. They download the Tento app from an app store and use it to scan their TentoID. If the user has not previously protected their phone with one of the many systems available, they should do so now! Their phone is now capable of displaying Tento OTPs. When they want to log in to a 1FA website, they enter their username as usual. They get an on-screen QR-code which they scan with the TentoID app in their phone and their one-time use password is immediately displayed on the phone screen. They enter this on the web page to log in. The phone does not need to be connected to any network, it is used as an out-of-band device, just like a SecurID keyfob token, making it extremely secure.
A different QR-code is produced for every authentication request received by the Tento Authentication Server (TAS). The OTP is displayed on the users phone screen for 30 seconds, after that it is deleted from the phone and from the TAS. If the user fails to enter the correct password within the 30 second period, they are allowed a limited number of further attempts.
Businesses who require only 1FA no longer need to keep their own password files, removing a favourite target for hackers and cybercriminals. They simply use the Tento Authentication Server (TAS) whenever they need to authenticate a user.
Tento OTPs conform to published authentication standards. They are random, use 47 different keyboard characters and satisfy the uniqueness test.
Benefits of Tento
- Trillions of unique user tokens
- Millions of one-time passwords from each user token
- Variable length one-time passwords – choose the appropriate security level
- OTPs comprise alpha, numeric, symbols in any combination
- Real-time and offline forensics
- Instant revocation of user token if phone is lost or stolen
- Temporary revocation of user token if phone is mislaid
- Can be integrated with a biometric factor for 3-factor authentication
- Simple technology licensing model based on territory, application area and time
- Lower cost than any comparably secure authentication systems
- Runs in multiple client devices
- One-time passwords (OTPs) displayed as images – resistant to malware and hackers
- Distinguishes humans and robots
- Can be branded with your logo, straplines, content, etc.
- No more costly password resets for IT helpdesks
- Easy integration with existing authentication systems
- Can run in parallel with existing authentication systems
- Comprehensive online and offline reporting for sysadmins
- control of issued and unissued tokens
- warning of fraud attempts
- token usage