Two-factor authentication (2FA) is recognized as a stronger security standard than just a username and password, however, it is not widely adopted for access to web and mobile apps. When usernames and passwords are recycled across multiple apps, a single data breach can place users and organizations at risk for unauthorized access.
Secure Private Login (SPL) from Civic allows our Members to log in to our Partner web and mobile apps without a username or password. By leveraging the blockchain in our architecture, our Secure Private Login feature offers multi-factor authentication with a verified identity, and no username and password.
With Civic's Secure Private Login, members request access to our Partner sites via their Civic app, by scanning a QR code on a website. The Civic app then validates the identity of the Civic Member by requesting access through facial recognition or other biometrics. After validation, the Civic app then sends the member's encrypted credentials to the web or mobile app via authentication on the blockchain.
Secure Private Login is a far better user experience than legacy 2FA and does not require users to create and memorize multiple usernames and strong passwords. Since passwords are no longer required with SPL, password vulnerabilities such as email hijacking and resets are eliminated.
Secure Private Login provides greater privacy with the use of the blockchain. Unlike OAuth and OpenID, Civic is not in the middle of the identity data transaction between our Members and Partners, hence greater privacy for our Members and Partners. Civic’s architecture with the blockchain is capable of providing true anonymity to users when desired by the app.