01 EVOLVING CRACKING METHODS
In addition to the traditional “brute force” approach, algorithms have evolved to include masking (predictable character order), dictionary attacks (predictable character combinations), and rainbow tables (predictable hashes).
02 ACCESSIBLE COMPUTING POWER
With the widespread availability of Graphics Processing Units (GPUs) and cloud computing, the computational resources required for cracking passwords have become more affordable and easier to access, making it a viable option for many.
03 PREDICTABLE HUMAN BEHAVIOR
Humans tend to create passwords that are easier to remember, but unfortunately, these passwords often follow predictable patterns. As a result, they’re typically more vulnerable to cracking, especially when compared to more complex, computer-generated alternatives.
JWT EAuth: Modern Authentication Redefined
JWT EAuth is a cutting-edge authentication service designed to enhance online security by replacing traditional passwords with advanced methods like biometrics (fingerprint, facial recognition) or hardware security keys. As cyber threats grow more sophisticated, password-based systems become increasingly vulnerable to attacks such as phishing, credential stuffing, and data breaches.
With JWT EAuth, businesses can adopt a modern, secure solution that not only protects data but also improves user experience.
Enhanced Security
Eliminates passwords, reducing risks of phishing and credential stuffing.
Improved User Experience
Enables faster, frictionless logins as users can authenticate using biometrics or simple devices like security keys.
Builds Trust
Signals commitment to data protection and privacy, enhancing brand credibility.
Leading digital companies have already implemented password-less solutions.




Asymmetric Encryption
Password-less authentication using asymmetric encryption provides strong security by ensuring that only the private key can be used to sign data, while the public key is used to verify the signature. This method also ensures that no sensitive or critical data is exchanged during the authentication process. This security is achieved through the use of the Elliptic Curve Digital Signature Algorithm (ES256) or the RSA Signature Algorithm (RS256), both utilizing 256-bit key lengths.
Simple code made effortless.
Service Flow
Registration
The user registers an account by providing necessary information. This step typically involves creating a username and public key, which are securely stored and hashed in the database.
Login
The user logs in by submitting their credentials (username and public key). The system validates these credentials, and if successful, a session or JWT token is generated for authentication.
Token Validation
After successful login, the JWT token is sent with each request to authenticate and verify the user's identity. The token is validated either through a service like JWTEAuth's checkToken method or manually on the server-side to ensure that the request comes from an authorized user.
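The manual server-side check mentioned above, sketched for an ES256 token in Node.js. This is an added example, not JWT EAuth's own code: the helper names `signToken` and `verifyToken`, the `exp` claim, and the inline P-256 key pair are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const decode = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Hypothetical issuer helper (demo only): signs header.payload with ES256.
function signToken(payload, privateKey) {
  const input = `${b64url({ alg: 'ES256', typ: 'JWT' })}.${b64url(payload)}`;
  // JWTs carry the raw r||s signature (IEEE P1363), not the DER form.
  const sig = crypto.sign('sha256', Buffer.from(input),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${sig.toString('base64url')}`;
}

// Manual validation: pin the algorithm, verify the signature, then check expiry.
function verifyToken(token, publicKey, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, payload;
  try {
    header = decode(parts[0]);
    payload = decode(parts[1]);
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // The server decides the algorithm; a token claiming "none" or HS256 is rejected.
  if (header?.alg !== 'ES256') return { ok: false, reason: 'unexpected alg' };
  const sig = Buffer.from(parts[2], 'base64url');
  if (sig.length !== 64) return { ok: false, reason: 'bad signature' };
  const valid = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, sig);
  if (!valid) return { ok: false, reason: 'bad signature' };
  // Claims are trusted only after the signature checks out.
  if (typeof payload?.exp !== 'number' || payload.exp <= nowSec) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, claims: payload };
}

// Constructed demo data: a throwaway P-256 key pair and a fixed clock.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const NOW = 1700000000;
const goodToken = signToken({ sub: 'alice', exp: NOW + 300 }, privateKey);
const [h, , s] = goodToken.split('.');
const tampered = `${h}.${b64url({ sub: 'admin', exp: NOW + 300 })}.${s}`;
const algNone = `${b64url({ alg: 'none' })}.${b64url({ sub: 'admin', exp: NOW + 300 })}.`;

console.log(verifyToken(goodToken, publicKey, NOW));
console.log(verifyToken(tampered, publicKey, NOW), verifyToken(algNone, publicKey, NOW));
```

Only the first call succeeds; the edited payload fails signature verification and the `alg: none` token is rejected before any key is used.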
Code Snippets
<!-- Load API -->
<script src="https://yourdomain/folder/js/jwteauth.min.js"></script>

// Registration (call from an async function or a module script)
const result = await JwtEAuth.userRegister(user, authenticator);
if (result.status === "success") {
    //.. success
} else {
    //.. error
}

// Login (separate snippet; call from an async function or a module script)
const result = await JwtEAuth.userLogin(user);
if (result.status === "success") {
    //.. success
} else {
    //.. error
}

<?php
// Token validation: forwards the client's JWT to the checkToken endpoint.
header('Content-Type: application/json');

$input = file_get_contents('php://input');
$data = json_decode($input, true);

// Accept only a compact JWT (three base64url segments) so the value
// cannot carry line breaks or other characters into the request header.
if (isset($data['jwtToken']) && is_string($data['jwtToken'])
    && preg_match('/^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/', $data['jwtToken'])) {
    $jwtToken = $data['jwtToken'];
    $apiKey = 'xxxx-yyyy-zzzz'; // static api key from jwteauth vendor
    $origin = 'https://yourdomain.com'; // domain name

    $headers = [
        "Origin: $origin",
        "Authorization: Bearer $apiKey",
        "X-JWT-Token: $jwtToken"
    ];
    $url = 'https://server1.jwteauth/endpoint/checkToken';

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    $response = curl_exec($ch);

    // Check for a transport error before decoding the response body.
    if ($response === false) {
        echo json_encode([
            'status' => 'error',
            'message' => curl_error($ch)
        ]);
    } else {
        $result = json_decode($response, true);
        // Continue only if $result shows that the service accepted the token.
        /* roles assignment */
        //-- user authorization
        //-- redirect page
    }
    curl_close($ch);
} else {
    //-- Token not found.
}
?>

Custom Solution
For large-scale, dedicated-server, on-premise, or custom integrations, contact us for custom solutions tailored specifically to your business requirements, providing flexibility and personalized support to achieve your goals.
Contact Us