Keyless: Privacy-Preserving Biometric Authentication
This page is an introduction to who Keyless are and what we do for businesses today, allowing you to navigate to the right place in our documentation for you.
Last updated
Was this helpful?
This page is an introduction to who Keyless are and what we do for businesses today, allowing you to navigate to the right place in our documentation for you.
Last updated
Was this helpful?
Keyless helps businesses authenticate their users through privacy-preserving facial biometrics. With one glance at a device’s camera, our technology provides multi-factor authentication in milliseconds and ensures that only the person who originally enrolled is able to authenticate their identity.
We call this genuine identity assurance.
Our documentation site is built f integrators, covering the following four core functional capabilities of Keyless:
To authenticate your users with Keyless, you must first enroll them by registering their face.
This can be done in two ways:
Live enrollment: Keyless provides a User Interface (UI) to create a biometric template, which future authentication attempts will be compared to. This involves capturing their facial biometrics and device details. Our passive liveness technology will also ensure the user is a real person.
IDV Bridge enrollment: This method is for businesses that already have already created a biometric template, typically using a selfie as part of a Know Your Customer (KYC) or Identity Verification (IDV) flow. The IDV Bridge leverages that template for future authentication attempts. This removes the need for live enrollment but still ties Keyless authentication to the user’s existing biometric template.
Find out more → Enrollment
Having enrolled your users, Keyless can be used to authenticate them a various steps in the user journey. This is done via a UI that confirms the user is the same as the one enrolled. With a glance at the camera, the user verifies their face and device for multi-factor security, and confirms their genuine presence using liveness checks. Typical steps in the user journey include:
Login
Step-up actions (eg. changing personal data)
Payment Authentication (using Keyless’ Strong Customer Authentication (SCA) and dynamic linking)
Find out more → Authentication
Given that half of Keyless multi-factor authentication proposition involves authenticating the user's device, we offer two options to help recover devices and accounts.
Enrolling a new device: where the device is not registed via enrollment, Keyless’ facial biometrics are typically used in combination with another 2nd authentication factor to enroll the new device. We therefore recommend that customers establish this via one of these such as a password, SMS One-Time Passwords (OTPs), or email magic links.
Managing multiple enrolled devices: customers can also use our API to retrieve and delete devices their users' identities have been bound to.
This allows users to have multiple devices enrolled, which in turn minimizes the cost and security consequences of losing a device and having to recover an account and customers often build an interface to manage this.
Find out more → Account Recovery
Using all of the three core components as above, Keyless also provides a suite of apps, integrations, and wrappers that are tailored for employee authentication:
Keyless Authenticator App: Enrollment and authentication via app-based push notification.
WebSDK: Enrollment and authentication via web browser (OIDC and SAML wrappers also available).
IAM & SSO Integrations: Seamless integration with existing Identity & Access Management and Single-Sign On providers.
Find out more
