Passwordless Authentication

Login with a glance.
No passwords. Ever.

A Zero Trust passwordless solution built on mutual authentication (ITU-T X.1280). The system presents a one-time code, the user approves on their phone — no password is ever typed or transmitted. Phishing, pharming, and man-in-the-middle attacks are defeated at the protocol level. Built by DualAuth (Korea), deployed by id3 Technologies (France).

Try Live Demo How It Works
yourapp.com/login

Confirm on your device

Match this code on Passwordless app

482716

Welcome back

You are now signed in

9:41
Thursday, March 19
Passwordless Login request from alice@company.com
now
Passwordless

Confirm this code matches

482716

alice@company.com

2:47 remaining

Verifying identity...

Authenticated

Identity verified successfully

Authentication Flow

Four steps. Zero friction.

Unlike traditional auth where users input credentials, Passwordless reverses the flow: the online system outputs the password and the user simply approves. This eliminates stolen credentials, phishing, and pharming at the root.

01

User enters email

No password field. Just an identifier. The server looks up the registered device.

02

6-digit code appears

A unique one-time code appears on screen. The same code is pushed to the mobile app for confirmation.

03

Mobile approval

Push notification shows the same code. User verifies it matches, then taps approve (with optional biometric).

04

Session created

Cryptographically verified, session created. The user is authenticated. No password ever transmitted.

Why Passwordless

Security without compromise.

Zero password storage

No password database means no breach target. Eliminates credential stuffing, rainbow tables, and phishing at the root.

Sub-3-second login

Push notification arrives instantly. One tap and a biometric check — faster than typing a password from memory.

Multi-factor by design

Device possession + out-of-band biometric. No sensor needed per device — the smartphone is the universal biometric authenticator. PIN, fingerprint, or face recognition per request.

Platform agnostic

Integrates with any backend or platform — Java, .NET, Node.js, Python, or serverless. No vendor lock-in.

Fallback authentication

Backup password, SMS OTP, and Mobile OTP as fallback paths. No user ever locked out.

Easy integration

Simple setup with clean endpoints for every operation. Full admin tools for account management and configuration.

Why Not Alternatives?

Compared to existing authentication methods.

Traditional methods authenticate only the user — but never the system. Passwordless is a mutual authentication technology based on ITU-T X.1280: the online system proves its identity to the user first.

FIDO / Passkey

  • Requires biometric sensors on every device — high cost
  • In-band biometric: cannot verify which system receives the credentials
  • No mutual authentication — vulnerable to phishing of the relying party

Mobile Authenticator (Push / QR)

  • Push to a fake system — user cannot verify who sent the request
  • QR code from a fake site leads to approval of an attacker's session
  • One-way trust: system trusts user, but user cannot verify system

PKI Certificates

  • NPKI folders and certificate files at risk of theft
  • Private key input easily stolen via keylogger
  • Complex management — renewal, revocation, and storage burden on users

OTP / SMS

  • Cannot verify if the connected service is genuine — fake sites collect OTPs
  • SMS forwarding and SIM-swap attacks intercept codes
  • Phishing pages replay OTP in real time for immediate account takeover
Passwordless
Convenience

The online system generates and presents the password automatically — users simply approve.

Mutual Authentication

Users verify the system's identity before biometric approval — phishing and pharming defeated at the protocol level.

Economy

No biometric sensor needed per device. Any device uses the smartphone as a universal out-of-band biometric authenticator.

International Standard

Built on ITU-T X.1280.

Passwordless implements the ITU-T X.1280 international standard — the only standardized mutual authentication framework where the online system and the user authenticate each other simultaneously. An open, interoperable protocol recognized by the International Telecommunication Union.

eSTORM Server DualAuth's authentication engine (Korea)
Passwordless Mobile App Push notifications with biometric confirmation
Cryptographic Verification Military-grade encryption and integrity checks
Simple Integration Works with any backend or platform
ITU-T X.1280 compliant Internationally recognized standard for mutual authentication
Non-proprietary protocol Open, interoperable — no vendor lock-in, FIDO-complementary
Proven at scale Deployed across financial, government, and enterprise sectors
Trusted By

Deployed across leading enterprises.

Passwordless is trusted by major financial institutions, government agencies, and enterprises in Korea and beyond.

Get the App

Download Passwordless

Install the mobile app to approve login requests with biometric confirmation. Available on iOS and Android.

Download on the App Store
Get it on Google Play

Ready to eliminate passwords?

See Passwordless in action with our interactive demo, or learn more about the partnership behind it.

Try the Demo Learn More