M-Pin logo

Strong Authentication

Eradicate Passwords Everywhere

M-Pin Strong Authentication
See M-Pin in action
Download M-Pin Server

Got a crypto question?

Ask our experts a Question on CryptoStackExchange

Visit the Crypto Stack Exchange forum, simply tag your question with the one of the following tags to ensure your question is seen by us:
• CertiVox
• M-Pin
• MIRACL

Fire Away

M-Pin™: Eradicate passwords, get two-factor authentication and a better user experience

Want to use two-factor authentication but without the cost of hardware tokens, user training and complex deployments?

Wish you could get rid of your username / password vulnerabilities, the expense of password management systems and sleep well at night?

Get it all with M-Pin.

What is M-Pin?

M-Pin™ Strong Authentication System enables true two-factor authentication for web sites and applications, based on the open source M-Pin™ Authentication Server and M-Pin™ Managed Service.

The M-Pin™ Managed Service is a highly available, fault tolerant software as a service that issues cryptographic secrets to M-Pin™ Authentication Servers and Clients. The M-Pin™ Authentication Server uses just one leak-proof cryptographic key, and can't reveal any information about your users such as identity or login details, even if the key is compromised. The M-Pin Client is an HTML5 browser, so developers can easily integrate M-Pin into their websites and applications, enabling frictionless two-factor authentication and removing all username / password vulnerabilities.

M-Pin Integration

Why is it different?

M-Pin represents a completely rethought approach to how application developers and enterprises deliver authentication to their end users. Here are some of its unique qualities:

  • It delivers true two-factor authentication using strong elliptic curve cryptography and identity-based encryption, highly optimized for the web
  • It enables users to authenticate using a simple, ATM machine UI pin pad, rather than a username and password. Infinitely easier – but also infinitely more secure – than username and password
  • M-Pin Authentication Servers never store any identity information about users, so there are no vulnerable username / password databases to hack or steal
  • It is ideal for use in low-powered or constrained environments, thanks to its underlying MIRACL-based code
  • It uses any unique identifier you supply to strongly authenticate anyone or anything to your application or service
  • The M-Pin Protocol can easily be extended to include additional factors of authentication such as biometrics and device fingerprints
  • It requires no additional client software or hardware – just an HTML5 browser on any device
  • Using the open source C Client Library, you can embed the M-Pin Protocol into any client / server application

Like what you're seeing? See your next recommended steps