Nothing to remember. Nothing to steal. You are the key.
Memorized secrets shared between user and platform, better known as passwords, are the biggest design flaw of the internet. Hackers have been figuring out ways to crack passwords since the sixties.
Today, cyber threats are growing increasingly sophisticated, yet the way we authenticate has not evolved. Instead of rethinking how to authenticate and identify users, cybersecurity has centered around bolstering the password so that it is less susceptible to security threats. Unfortunately, none of these solutions addresses the fundamental problem: so long as there is a “password”, there is something for hackers to guess or steal.
“Password fatigue” describes the overwhelming burden users experience when it comes to managing their accounts. With the average user having an estimated ninety separate accounts, mandatory password changes and complex password requirements backfire, forcing users to choose weak passwords that they can easily remember.
One of the biggest security challenges with authentication over the decades has been how private credentials are managed. Generally, businesses and platforms store copies of our passwords, PINs and security questions, alongside our personal details. This practice of storing private information in centralized databases essentially creates “honeypots” of our personal data.
These entice hackers to execute large-scale cyber attacks and unfortunately, many attacks are successful, despite the best security efforts of the platform.
At Keyless, we use a combination of advanced cryptographic techniques to eliminate fraud, phishing and credential reuse — all while enhancing customer and employee experiences and protecting their privacy. Our biometric authentication solution offers multi-factor security across devices and platforms with just a look.
Keyless envisions a world where anyone can seamlessly access any digital service from any device, at any time, while keeping personal credentials safe, private and under control. Where the only key is you. A world that is Keyless.
The Keyless Authenticator app removes usernames and passwords from the authentication process, allowing users to login with their biometrics.
There is nothing to remember, nothing to type, nothing to lose or to forget. Nothing to remember means nothing to phish: Keyless embeds strong anti-phishing technology to minimize the risk of fraud and user deception.
Download and Install the app on your iPhone or Android Device
The Keyless Authenticator is available for download from the Apple App Store and in the Google Play Store.
The Keyless Authenticator is available only in the European and US App Store and Google Play Store. If your account is associated with a different region, you can change it using the following guides.
The Keyless Authenticator app does not support Huawei devices without Google Play Services.
A few things we need to be aware of prior to installing Keyless Windows Authenticator.
Add your first account by scanning a QR code.
Once you have successfully downloaded the Keyless Authenticator App, you can add your first account as described below. To add the account, click on the link you received via email from your company and follow the steps on the website. Watch this short video tutorial to see how to add an account before trying it out yourself:
Note that the webpage design may vary depending on your organization.
From the Keyless Authenticator home screen we'll be able to manage our Keyless account.
We’ll assume that at this point we have Keyless Authenticator installed on the Windows desktop, and that the Keyless service and the Keyless Tray app are running.
Launch Keyless Windows Authenticator App
Click New Account button on Home screen
You’ll have two options to enroll with the IAM system configured:
This workstation: This app itself will act as the Keyless authenticator
Your mobile phone: Your mobile phone will act as the Keyless Authenticator; you’ll need to download the Keyless app from the App Store (iOS) or Google Play (Android)
If we choose to continue with the “This workstation” option, the app will take you to the logon screen for the configured Identity Provider (e.g. OneLogin)
We’ll need to authenticate with our credentials (User ID/Password) for the Identity Provider
On successful authentication the application will access your webcam and enroll with Keyless, and we’ll see a notification message confirming that “Keyless account created successfully”.
We’ll see the enrolled account and devices appear on the home screen of the app.
If we choose to continue with the “Your mobile phone” option, the app will take you to the logon screen for the configured Identity Provider (e.g. OneLogin)
We’ll need to authenticate with our credentials (User ID/Password) for the Identity Provider
On successful authentication the application will display a QR code on the app itself
On your mobile phone, launch the Keyless app
Click the Add Account button
The desktop app will display a QR code and you’ll be asked to scan the QR code with your mobile device to enroll
Scan the QR code displayed on the desktop app
You’ll be prompted by the mobile phone app to look into the front-facing camera and position your face appropriately
On successful completion of enrolment you’ll receive a notification on your mobile device and a confirmation message on the Home screen of the desktop application.
Learn how to authenticate to a Windows Workstation
Windows Passwordless login allows you to login to your workstation easily and securely without the need for a password. Follow the steps below to login.
On your first Keyless passwordless login attempt you will be required to enter your existing password. This is a one-time operation to maintain high security.
From your Windows lock screen, click "Sign in"
You will receive a push notification to your mobile phone. Clicking the notification will open the Keyless application.
Confirm your login attempt by clicking "Approve" in the Login Request Screen.
Authenticate by looking straight into the camera of your phone.
Windows Passwordless login allows you to login to your workstation easily and securely by adding Keyless as another layer of security on top of your Windows password. Follow the steps below to login.
If you wish to use Keyless "passwordless" mode and avoid the need to insert your password, please contact your IT administrator.
Enter your user password in the Windows lock screen and click "Sign in"
You will receive a push notification to your mobile phone. Clicking the notification will open the Keyless application.
Confirm your login attempt by clicking "Approve" in the Login Request Screen.
Authenticate by looking straight into the camera of your phone.
Offline Mode enables you to perform a workstation login when there is no internet connection. As described in the instructions below, it is up to you when to enable and disable offline login. Follow the steps below to login.
All users can enable and disable offline mode without escalated privileges.
Enabling and disabling offline mode is done via the Keyless tray application accessible on the tray bar:
By default, offline mode is enabled for all users on the specified workstation. To enable offline mode, the user should click on the Keyless tray icon and select "Enable Offline Access".
To ensure maximum security, once enabled, Offline Mode will be available for at least 7 days and 10 login attempts. Once either of these criteria is met, Offline Mode will be automatically disabled and users will need to re-enable Offline Mode or use the standard "online" login.
Each successful "online login" will reset the counters back to 7 days and 10 login attempts.
If you wish to change the default values of 7 days and 10 login attempts, please reach out to Keyless customer support.
A given user can view the current status of his "offline access" by clicking on the "Show Status" option from the Keyless tray app:
Offline Status: Enabled or Disabled
Offline Sessions Remaining: the number of consecutive offline logins left for the given user on the given workstation. Resets on a successful "online" login.
Offline Time Remaining: the amount of time left for the given user on the given workstation for offline access. Resets on a successful "online" login.
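The offline access limits described above can be modelled as a small state machine, which makes it easy to reason about how long a workstation stays usable without the online check. This is an added example, not Keyless code: the class and method names are hypothetical, and it assumes that reaching either limit disables offline mode and that an online login resets the counters only while offline mode is still enabled.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class OfflineAccess:
    """Hypothetical model of one user's offline access on one workstation."""
    window: timedelta = timedelta(days=7)   # default stated in the guide
    max_sessions: int = 10                  # default stated in the guide
    enabled: bool = False
    sessions_left: int = 0
    expires_at: Optional[datetime] = None

    def _reset(self, now):
        # Both counters restart from their full values.
        self.sessions_left = self.max_sessions
        self.expires_at = now + self.window

    def _expire(self, now):
        # Assumption: whichever limit is reached first disables offline mode.
        if self.enabled and (self.sessions_left <= 0 or now >= self.expires_at):
            self.disable()

    def enable(self, now):
        """User selects "Enable Offline Access" in the tray application."""
        self.enabled = True
        self._reset(now)

    def disable(self):
        self.enabled = False
        self.sessions_left = 0
        self.expires_at = None

    def online_login(self, now):
        """A successful online login resets both counters."""
        self._expire(now)
        # Assumption: an expired offline mode must be re-enabled by the user;
        # an online login alone does not switch it back on.
        if self.enabled:
            self._reset(now)

    def offline_login(self, now):
        """Return True if an offline login is permitted at this moment."""
        self._expire(now)
        if not self.enabled:
            return False
        self.sessions_left -= 1
        self._expire(now)  # the last permitted login disables offline mode
        return True

    def status(self, now):
        """Mirror the three fields shown by the "Show Status" option."""
        self._expire(now)
        remaining = self.expires_at - now if self.enabled else timedelta(0)
        return {
            "Offline Status": "Enabled" if self.enabled else "Disabled",
            "Offline Sessions Remaining": self.sessions_left,
            "Offline Time Remaining": remaining,
        }


if __name__ == "__main__":
    # Constructed timeline: enable, use three offline logins, then go online.
    t0 = datetime(2024, 1, 1, 9, 0)
    access = OfflineAccess()
    access.enable(t0)
    for hour in range(3):
        access.offline_login(t0 + timedelta(hours=hour))
    print(access.status(t0 + timedelta(hours=3)))
    access.online_login(t0 + timedelta(days=2))
    print(access.status(t0 + timedelta(days=2)))
```
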
After enabling Offline Mode, follow the steps below to login when offline.
From the Windows lock screen, select the "Offline Login" checkbox (please note that if you are using Password+Keyless mode you will first need to enter your password).
Scan the QR code with your Keyless mobile app by clicking on the image of the QR code next to the account name inside the Keyless app.
Scan the QR code using the Keyless app. This will generate an 8 digit one-time passcode.
Insert the 8-digit passcode into the password input box on your workstation.
Learn how to authenticate to desktops using RDP.
Keyless authentication will be used for RDP sessions into all workstations that have the Keyless Workforce Access Client installed.
Keyless authentication will be used only for users that are not excluded from Keyless for the specific workstation.
Using the Remote Desktop Protocol application on your workstation or via the command line, initiate an RDP session for a Keyless-enabled user to a Keyless-enabled workstation:
Once connected, you will be prompted with a message to authenticate on your mobile device.
Authenticate on your device:
Access the workstation:
Authenticate using the Keyless Windows client
From a browser open a web page that is configured to use Keyless authentication
Click on the Login with Keyless icon. Depending on your configuration, Keyless may be the default option for authentication; in that case this step is skipped altogether
Browser will redirect to Keyless and ask you to enter your Keyless user name
Click Continue on browser
This will fire up the Keyless tray app with a Login Request notification that will display your user name and the provider that is requesting authentication
Click Approve
You’ll be prompted to look into the camera, and Keyless will perform biometric authentication
On successful authentication Keyless app will disappear and browser will follow on to the site with an authenticated session
How to troubleshoot common issues
Make sure that you are running the latest version of Keyless Authenticator by visiting the Apple App Store or the Google Play Store on your smartphone.
If you are unable to install the app, please make sure that your smartphone is updated to the latest version of the operating system supported by your device. Keyless authenticator requires:
iOS version 13.4.1 or newer (recommended), or iOS version 12.4.6, or
Android version 6 (API level 23)
To install the app, you need at least 300 MB of available space on your device.
At the moment, the Keyless Authenticator app is available only in the European and US App Store and Google Play Store. If your account is associated with a different region, you can change it using the following guides:
If you are unable to enroll or authenticate, make sure that:
The Keyless Authenticator is able to see your face. Your face should be completely contained within the on-screen preview during enrollment and authentication, and should not be covered by your hair, a scarf, or a hat. Make sure that there is enough light in the room for your camera to see your face.
Your smartphone is connected to the Internet. Keyless Authenticator requires a reliable Internet connection to authenticate to online services. Workstation login does not require online mode - please refer to the End User Guide to enable offline mode.
You are using a supported operating system and Web browser
Keyless supports the following browsers:
Chrome 65 or later (Windows 8 or later, MacOS 10.12 (Sierra) or later, or Ubuntu Linux 18.04 or later)
Firefox 55 or later (Windows 8 or later, MacOS 10.12 (Sierra) or later, or Ubuntu Linux 18.04 or later)
Safari 11 or later (Mac OS 10.12 or later)
Microsoft Edge 75 or later (Windows 10)
Microsoft Internet Explorer 11 (Windows 8 or later)
Chrome 78 or later (Android 7 or later)
Safari 12 or later (iOS 12.4 or later)
If the problem persists, unlink your device and re-add it to your external account.
If the Keyless Authenticator is unable to scan the QR code, make sure that:
The camera on the back of your smartphone is facing the QR code.
The QR code covers the entire square frame on the smartphone screen when the QR code scanner is open
The smartphone and the QR code are not moving or shaking
There are no other windows on the screen partially covering the QR code
You are scanning the QR code using Keyless Authenticator, rather than the smartphone’s default camera app or a different QR scanner
If the problem persists, please see platform-specific help for iOS and Android below, and contact us at https://support.keyless.io.
Keyless Authenticator on Android
This page lists common ways to address enrollment and authentication failure scenarios under Android. If the Keyless Authenticator is not working as expected, please follow the procedures indicated below. After each procedure, you can try using the Keyless Authenticator again to see if the issue you experienced is now resolved.
Always make sure that you are running the latest version of Keyless Authenticator by visiting the Google Play Store on your smartphone.
Force Quit Keyless Authenticator
Long-press on the Keyless Authenticator icon, and tap “App info”
Tap “Force stop”, and confirm
Restart your Device
Long-press the power button located on the side or the back of your device.
Tap on “Restart”, if available, or “Power off”
If you tapped on “Power off”, wait 30 seconds and then turn your device back on pressing the power button.
Reinstall Keyless Authenticator
Long-press on the Keyless Authenticator icon
Tap “App info”
Tap “Uninstall”, and confirm
Reinstall Keyless Authenticator from the Google Play store
Force-quit Keyless Authenticator
Long-press on the Keyless Authenticator icon, and tap “App info”
Tap “Force stop”, and confirm
Restart your Device
Long-press the power button located on the side or the back of your device.
Tap on “Restart”, if available, or “Power off”
If you tapped on “Power off”, wait 30 seconds and then turn your device back on pressing the power button.
Reinstall Keyless Authenticator
Long-press on the Keyless Authenticator icon
Tap “App info”
Tap “Uninstall”, and confirm
Reinstall Keyless Authenticator from the Google Play store
Keyless Authenticator on iOS
This page lists common ways to address enrollment and authentication failure scenarios under iOS. If the Keyless Authenticator is not working as expected, please follow the procedures indicated below. After each procedure, you can try using Keyless Authenticator again to see if the issue you experienced is now resolved.
Force-quit Keyless Authenticator
Swipe up from the bottom of the screen and hold
Swipe up on the Keyless Authenticator card to flick it off the screen
Restart your Device
Press and hold either Volume Up or Volume Down and the Side button for a few seconds
Drag the slider to the right, then wait 30 seconds for your device to turn off
Turn your device back on by pressing and holding the side button until you see the Apple logo
Reinstall Keyless Authenticator
Touch and hold the Keyless Authenticator app
Tap Delete App
Tap Delete
Force Quit Keyless Authenticator
Swipe up from the bottom of the screen and hold
Swipe up on the Keyless Authenticator card to flick it off the screen
Restart your Device
Press and hold either Volume Up or Volume Down and the Side button for a few seconds
Drag the slider to the right, then wait 30 seconds for your device to turn off
Turn your device back on by pressing and holding the side button until you see the Apple logo
Delete Linked Account
Open Keyless Authenticator app
Tap on the account you want to delete, and swipe all the way to the left
Authenticate to confirm account deletion
Reinstall Keyless Authenticator
Touch and hold the Keyless Authenticator app
Tap Delete App
Tap Delete
Always make sure that you are running the latest version of Keyless Authenticator by visiting the on your smartphone.
Reinstall Keyless Authenticator from the
Reinstall Keyless Authenticator from the
Install the Keyless Windows Authenticator (KWA) app on your Windows desktop or laptop and authenticate using the built-in webcam or an external USB webcam.
Seamless secure biometric authentication from your desktop/laptop.
How to install Keyless Windows Authenticator
As part of the installation package you’ll receive an encrypted zip file (alongside the installer executable) containing a JSON file with the configuration parameters required to configure KWA desktop app. A summary of the configuration parameters below:
Start installation by running the installer executable provided
Accept the end user license agreements
Choose an installation directory (default being c:\Program Files\Keyless Technologies\)
On successful completion of the installation you’ll be presented with the configuration screen
Click load JSON button at the bottom to select the JSON configuration file extracted from the encrypted archive provided
A brief description of the configuration parameters is in the table above, specific parameters for your installation will be provided by Keyless.
On successful completion of the installation we are able to verify the following:
Keyless Windows Authenticator is available from Windows application menu
Ensure that Keyless Authenticator service is running
Keyless tray application is active on the desktop
You have successfully installed the Keyless Windows Authenticator application
Three pieces of software that will get installed on the Windows Workstation:
Keyless Windows Authenticator App: The Base UI Component
Keyless Authenticator Service: Background process responsible for communication with Keyless network and backends
Keyless tray Application: UI Component handling Desktop notifications
Keyless Authenticator App is available and can be launched
Keyless Tray App now available
Keyless Service
Parameter | Description | Example |
---|---|---|
Identity Provider Configuration | | |
IdP Server URL | Enrolment URL | https://enroll.keyless.io |
Keyless Middleware Configuration | | |
API Key | API Key for Keyless Middleware servers | nnnnnnnnnnn |
Service Host | Keyless Middleware host | example.keyless.io |
Service Port | Port number | 443 |
Tenant | Your Keyless tenant ID | Keyless |
Keyless Network Configuration | | |
API Key | API key for Keyless network services | - |
Connections | Connection URLs to Keyless Network Servers | svr1.keyless.io:5000,svr2.keyless.io:5000,svr3.keyless.io:5000 |
Backups allow you to recover your account in case:
You lose access to your device.
You reinstall the Keyless app.
To enable the backup functionality, please make sure that you have the most updated Keyless App from the App Store and follow the steps below:
Make sure that iCloud Drive (iOS) or Google Drive is enabled on your device and you have enough space to perform the backup (at least 1 Mb):
Go to Settings - [Your Name] - iCloud - and make sure iCloud Drive is enabled.
Open the Keyless app and click the gear icon in the top right corner to go to “Settings”.
Check "Enable Backups" and wait a few seconds for the operation to be completed successfully.
To enable the backup functionality, please make sure that you have the most updated Keyless App from Google Play and follow the steps below:
Make sure that you have enough space on Google Drive to perform a backup (at least 1 Mb)
Open the Keyless app and click the gear icon in the top right corner to go to “Settings”
Check "Enable Backups" and wait a few seconds for the operation to be completed successfully.
KEYLESS TECHNOLOGIES LIMITED is a company incorporated and registered in England and Wales with company number 11362854 whose registered office is at 9th Floor 107 Cheapside, EC2V 6DN, London, UK (“Keyless”, “we”, “us” or “our”).
This is the Privacy Policy (PP) for Keyless, covering privacy of all personal data that we control as Data Controller or handle as a Data Processor (“Policy”).
Keyless accepts that your privacy is of prime concern to our overall strategy, so is committed to demonstrating the highest standards in dealing with our customers and other business partners.
When you are using our services, products and electronic media, we may collect, process and/or disclose data that identify you or make you identifiable (“Personal Data“) in accordance with this Policy.
This Policy is meant to tell you about which Personal Data we collect, store, process, use and/or disclose, for which purposes, and on which legal basis. Further, we inform you about your rights to protection of your Personal Data.
In the course of our business, we provide mobile apps, software development kits (“SDKs”), our website, and related online and offline offerings (collectively, the “Services”). We provide these Services under contract with organisations (our “Customers”).
Our Customers can use our SDKs to build their own applications, use our apps, and can also use protocols, all of which may interact with parts of our Services. These applications can collect data from the users of those apps (“Users”), and the protocols and SDKs can also collect and/or transmit data related to the Customer’s users of these applications to our Services.
In addition, if you use our Services on behalf of an organization (for example your employer), your Personal Data will be subject to that organization’s privacy policy.
Further, we may receive your Personal Data directly from you when you are sending emails to us, or when you provide your Personal Data otherwise in the course of other interactions with us. We may also receive Personal Data indirectly from third parties who legally provide Personal Data to us.
We have responsibilities to you directly as a Data Controller when we receive your Personal Data directly from you.
We may have responsibilities to our Customers as Data Processors when they use our Services. When we process your Personal Data under the instruction of a Customer, we do so under the terms of a separate agreement with the Customer. We seek to align each such agreement with this Policy.
In some cases, the Customer’s use of our Services is such that we do not need to process Personal Data. In this case, we do not act as a Data Processor for the Customer.
We collect your Personal Data directly from the country where you are and we store it on servers inside the EU/EEA. Our Services store Personal Data on services inside the EU/EEA.
We may process your data outside of the EU, for example when we use third party services. Regardless of where we process it, we will always seek to conform to EU-level data privacy and data protection standards. If you have questions, please write to us at gdpr@keyless.io.
This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of Personal Data, or changes in applicable law.
We encourage you to read this Policy carefully, and to check this Policy regularly in order to review any changes we might make. Your continued use of our Services or of the website constitutes your agreement to be bound by this Policy, as amended or updated from time to time.
If there are any material changes to this Policy, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use the Services after the new Privacy Policy takes effect.
The categories of Personal Data about you that we may Process include:
Personal details: name, gender, date of birth / age, nationality, passport or national ID number, social security number, tax identification number;
Contact details: address, email address, telephone number, social media account details;
Biometric authentication information, when you use our Services for biometric authentication: Keyless ID, one-way encrypted biometric information, encrypted key information, and other information that identifies you to our Customer;
Account Information when you create an account with us to use our non-biometric Services: username and password.
Financial details: bank information for payments, credit card information for payments, utility bill, credit report;
Employee details: including educational background and details of previous employers;
Corporate details: name, place of registration, registration number, details with respect to articles of association and other similar documents / certificates, details with respect to shareholders and/or beneficial owners (including their personal and contact details); and
Technical information of your device which you use for communication (cell phone, tablet, notebook, personal computer, etc.), for example, device type, IP address.
We may collect Personal Data about you from the following sources:
When you contact us via email, telephone or by any other means;
In the ordinary course of our relationship with you (e.g., Personal Data we obtain in the course of administering your payments);
When we provide you with access to our documents and products (e.g., to download documentations about our Services);
Where you have chosen to make such Personal Data public, including via social media profiles;
When you visit any of our websites or use any features or resources available on or through our websites; and
When you submit your resume/CV to us for a job application.
Note that when you visit our website or use our other Services, your device and browser may automatically disclose certain information (such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connecting to a website and other technical communications information), some of which may constitute Personal Data.
In the course of your interaction with us, we may keep records of your interactions with us and details of your transaction history.
We may also keep records associated with Users of a Customer in the course of their use of and interactions with our Services.
If you are a user of one of our Customers who uses our Services, we will automatically collect information about your IP address, device type, user settings, operating system version, Keyless ID, one-way encrypted biometric information, and encrypted key information.
If you use our Services on behalf of an organization (e.g. your employer), that organization may provide us with information about you so that we can provision your account.
If you use an app as part of one of our Customers’ services (e.g. to authenticate to those Customer services), our Customer may provide us with information about you so that we can provision your account.
We use your Personal Data to grant you access to and to enable you to use our Services, and also to provide, maintain and improve our Services. We use this Personal Data only if and as long as we have received your explicit prior consent and in accordance with respectively applicable additional legal requirements in your jurisdiction.
We use your information that you have provided directly to us for a variety of business purposes, including:
To provide the Services or information requested:
Fulfill our contract with you or the organization on whose behalf you use the Services;
Manage your information;
Respond to questions, comments, and other requests;
Process payment card and/or other financial information to facilitate your use of the Services;
Provide access to certain areas, functionalities, and features of our Services; and
Answer requests for customer or technical support.
For administrative Purposes:
Pursue legitimate interests, such as direct marketing, research and development (including marketing research), and network and information security;
Measure interest and engagement in the Services;
Develop new products and services;
Improve our products and Services;
Assure internal quality control and safety;
Authenticate or verify individual identity;
Carry out audits;
Communicate with you about activities on the Services and changes to our agreements;
Prevent and prosecute potentially prohibited or illegal activities;
Enforce our agreements; and
Comply with our legal obligations.
We do not sell your Personal Data to third parties.
We use Personal Data obtained through our Customers only in association with the operation of our Services to them, and under their instructions.
We process your Personal Data according to our Security Policy.
We may process your Personal Data using our third-party service providers.
Third-party Processors
When we involve third party Processors in the performance of our services and contractual obligations and such involvement requires the sharing of Personal Data, we have entered with our third party Processors into data processing agreements according to Art. 28 of the European General Data Protection Regulation (“GDPR”) and, as far as required, further appropriate safeguards according to Art. 46 – 49 GDPR.
The categories of service providers to whom we entrust personal information include service providers for:
the provision of the Services;
the provision of information, products, and other services you have requested;
marketing and advertising;
payment and transaction processing;
customer service activities; and
the provision of IT and related services.
The list of third party Processors to which we disclose your Personal Data can be requested by email to gdpr@keyless.io.
Specifically we can already name the following Processors:
AWS:
To store your personal data, we are also using services provided by our data processor Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States (“AWS”).
For further information, please see AWS’s Privacy Policy.
Google LLC:
To store personal data, we use Google’s services GSuite and Google Cloud, which are provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.
For further information please see Google’s Privacy Policy.
DocSend:
To store your personal data, we are also using a service provided by DocSend, Inc. at 351 California St., STE 1200, San Francisco, California, 94104, United States, in compliance with the EU-U.S. Privacy Shield Framework.
For further information, please see DocSend Privacy Policy.
DocuSign:
To store your personal data, we are also using a service provided by DocuSign Inc., located in the United States at 221 Main Street, Suite 1550, San Francisco, CA 94105, United States.
DocuSign may transfer your personal information outside of your jurisdiction for further processing. DocuSign has adopted Binding Corporate Rules to facilitate the transfer of personal information from the EEA to DocuSign outside of the EEA. You may view their Binding Corporate Rules here and here.
For further information, please see DocuSign Privacy Policy.
Mailchimp:
To store your personal data, we are also using mailchimp, a service provided by our data processor Rocket Science Group LLC, located in the United States at 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, United States, in compliance with the EU-U.S. Privacy Shield Framework.
For further information, please see Mailchimp’s Privacy Policy.
We may also disclose your Personal Data to third parties who are not Processors in terms of Art. 28 of the GDPR.
The categories of such Non-Processors are: banks, credit agencies and other financial and/or payment service providers.
We do not seek to collect or otherwise process your Sensitive Personal Data, except where:
- the Processing is required or permitted by applicable law (e.g., to comply with our diversity reporting obligations);
- the Processing is necessary for the detection or prevention of crime (including the prevention of fraud);
- the Processing is necessary for the establishment, exercise or defence of legal rights; or
- we have, in accordance with applicable law, obtained your explicit consent prior to Processing your Sensitive Personal Data (as above, this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way).
Only Google Analytics and YouTube set cookies associated with our Services.
Please see the cookie policies of our third-party Processors for details of the cookies that they may set:
DocuSign
Zoho
If you have ‘Do Not Track’ activated in your browser, or if you rejected our cookie banner, we don’t collect any information and won’t let Google set any cookies in your browser.
If you do not want to allow us to use Cookies, you can disable Cookie installation via your browser setting or refuse the installation of Cookies when prompted to this effect. You also have the option of deleting Cookies from your computer’s hard disk at any time.
We may send you push notifications through our mobile application.
You may at any time opt-out from receiving these types of communications by de-enrolling with our Service using the application, by uninstalling the application, or by changing the settings on your mobile device.
We do not collect location-based information if you use our mobile applications.
We need your Personal Data to provide our Services to you and/or perform our contractual obligations towards you (e.g. through our Customers). Without providing such Personal Data, we may not be able to provide you the services you are intending to receive.
We may transfer your Personal Data to our business partners:
- KEYLESS TECHNOLOGIES S.R.L, a company incorporated and registered in Italy with company Startup Innovativa no. 14880901005 whose registered office is at Via Matteo Bartoli 302, Roma, Italy; and
- KEYLESS TECHNOLOGIES PTE. LTD., a company incorporated and registered in Singapore with Company No. 201904868C whose registered address is at 6 Eu Tong Sen Street #12-17, The Central, Singapore (059817).
We may transfer your Personal Data to a business partner in order for us or our business partners to provide the Services or information requested, or for administrative purposes.
You have the right to request access to, and rectification or erasure of, your Personal Data, or restriction of their Processing.
Furthermore, you have the right to object to Processing as well as to request data portability.
If you are in the EU you have the right to file a complaint to the responsible European Data Protection Authority.
In Processing your Personal Data in connection with the purposes set out in this Policy, we may rely on one or more of the following legal bases, depending on the circumstances:
- we have obtained your explicit prior consent to the Processing (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way);
- the Processing is necessary in connection with any contractual relationship that you may enter into with us;
- our Customer instructs us to do the Processing under the terms of an agreement we have with them;
- the Processing is required by applicable law;
- the Processing is necessary to protect the vital interests of any individual; or
- we have a legitimate interest in carrying out the Processing for the purpose of managing, operating or promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights, or freedoms.
Any consent is provided freely. If you give your consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of Processing based on consent before its withdrawal. After your withdrawal we will stop Processing your Personal Data, including storage. This paragraph is only relevant for Processing that is entirely voluntary – it does not apply for Processing that is necessary or obligatory in any way.
To withdraw your consent, please send us an email or a letter. Our contact details are shown below.
The Services are not directed to children under 17 (or other age as required by local law), and we do not knowingly collect personal information from children. If we learn that we have collected a child’s personal information in violation of applicable law, we will promptly take steps to delete such information.
For any requests you can contact us as follows:
Name: Keyless Technologies Limited
Address: 9th Floor 107 Cheapside, EC2V 6DN, London, UK
Phone Number: +44 20 7862 4600
E-mail: gdpr@keyless.io
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: +44 303 123 1113
- ‘Controller’ means the entity that decides how and why Personal Data is Processed. In many jurisdictions, the Controller has primary responsibility for complying with applicable data protection laws.
- ‘Customer’ means an organisation that contracts with us to use one or more of our Services.
- ‘Data Protection Authority’ means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
- ‘EEA’ means the European Economic Area.
- ‘GDPR’ means European General Data Protection Regulation.
- ‘Personal Data’ means information that is about any individual, or from which any individual is identifiable. Examples of Personal Data that we may Process are provided above in this Policy.
- ‘Policy’ means this Privacy Policy.
- ‘Process’, ‘Processing’ or ‘Processed’ means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- ‘Processor’ means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller).
- ‘SDK’ means ‘software development kit’ which is a set of software artifacts that you can use to provide capabilities in your programs, and which communicates with other Services.
- ‘Services’ means any services provided by Keyless.
- ‘Sensitive Personal Data’ means Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, or any other information that may be deemed to be sensitive under applicable law.
- ‘User’ means a user of one of our apps or of our Customer’s apps that use our Services.
Authenticate using the Keyless Authenticator
After you have linked an account, you can authenticate using the Keyless App. To authenticate, the service you linked will send a push notification to Keyless Authenticator on your smartphone.
Authentication is simple and fast, with a consistent user experience no matter which service you are authenticating to.
Delete your Keyless Account
To disenroll from Keyless, launch the Keyless desktop application.
Click the Delete button next to the account you want to disenroll.
You’ll be prompted to look into the camera.
You’ll receive a message in the app itself confirming that your Keyless account has been deleted.
To delete your account from the mobile phone app, please follow the steps described here:
Delete your Keyless Authenticator Account
You can delete your Keyless Authenticator account at any time. Deleting your account will remove any of the accounts. However, you will not be able to authenticate to your accounts if the Keyless Authenticator is required for access.
Please check with your IT administrator of the linked accounts before deleting your data.
Tap the gear button on the main screen to open the Keyless Authenticator settings panel.
To delete your Keyless data, tap the red “Delete Keyless Data” button at the bottom.
Keyless Authenticator will ask you to confirm by authenticating using your face. To complete this process, make sure that your face is not covered by your hair, a mask, or a hat.
Answers to commonly asked questions.
The Keyless Authentication App is a standalone mobile app that enables users to seamlessly use their mobile devices to authenticate on websites, services, and external providers. See the Keyless Authentication App Offering for more details.
The Keyless network comprises different server nodes which store the encrypted secret key and biometric information of the users. They interact with the user devices to compute the ‘closeness’ between stored biometric templates and the authentication samples of the users.
Keyless secures user data, keys, and identities without the use of passwords and enables users, customers, and workforce to seamlessly and securely authenticate to online services, websites, and providers. Keyless provides the convenience of a unified experience across multiple devices where the user can use their biometrics for authentication and, optionally, key management.
Usability, security, and privacy. The Keyless protocol allows a user to authenticate using facial features from any of the user’s devices, without having to remember any passwords or PINs, and to interact with systems like digital payments and online banking. It is designed to support several biometric modalities (e.g., fingerprints, iris, retinal scans, and behavioral biometrics), which will be included in the future.
The user keys and data, including the biometrics used for biometric authentication, are stored on Keyless server nodes in a secret-shared and encrypted fashion. The user device, together with their biometrics, is the only way to legitimately access secret keys and biometric information. Nobody else can access the user information or biometrics, not even the Keyless network.
This approach does not contain the typical central honeypot with user information that could be stolen during a data breach.
If you do not have internet connectivity on your phone, your workstation, or both, you can use the Keyless Offline Mode to log in. This is done by simply scanning a QR code on the workstation and entering a TOTP generated by the Keyless Authenticator app.
Keyless uses a decentralized PIN to enable offline mode. This pattern does not rely on a shared secret model that is centrally stored and vulnerable to attacks. This is done by simply scanning a QR code on the workstation and inserting a TOTP generated by the Keyless Authenticator app. Offline mode can be enabled and disabled by the end user or by the administrator.
Backup allows Keyless users to recover their account even if they've deleted and re-installed the Keyless app - without the need to re-enroll and without storing any biometric data.
Keyless users may back up their account through the Keyless mobile app as described in the End User Guide. The backup is less than 0.5Mb in size and is stored in the user's personal cloud account. It does not contain any personal biometric data.
When the app is installed, it will automatically prompt the user to recover their account if it identifies that a backup has previously been created for this specific user.
Yes, every Keyless user can have multiple associated devices. The user is required to enroll to Keyless just once, and can then add any other device, regardless of its hardware and operating system. Enroll once, use everywhere!
If you would like to embed the Keyless authentication experience in your own branded mobile app, then you can use our Mobile SDK.
Keyless supports SAML, OAuth2, and OIDC.
The apps can either choose the set of nodes from the network randomly or based on enterprise policies. The policies can be pre-defined before the instantiation of the protocol. If needed, the policies can also be updated and correspondingly the user can interact and send the encrypted shares to the new set of nodes in the network after the policy update.
The seed value and the biometric template are shared using Shamir’s Secret Sharing among the Keyless nodes. The secret sharing scheme is chosen so that each of the secrets is split into several pieces. A number of these pieces is required to reconstruct the secret. Each share is encrypted and then stored on one node. No information is disclosed if one has access to fewer than the required number of shares.
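The threshold property described above, shown as an added Python example; it is not Keyless's code. The field modulus, the 3-of-5 parameters and all function names are assumptions made for illustration, and the per-share encryption the page mentions is left out.

```python
from __future__ import annotations
import secrets

# Assumption: field modulus 2**521 - 1 (a Mersenne prime), big enough for a
# 256-bit seed. The page does not give Keyless's real parameters.
PRIME = 2**521 - 1


def split_secret(secret: int, threshold: int, num_nodes: int) -> list[tuple[int, int]]:
    """Return one (x, y) share per node; any `threshold` of them rebuild `secret`."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be smaller than the field modulus")
    if not 1 < threshold <= num_nodes < PRIME:
        raise ValueError("need 1 < threshold <= num_nodes")
    # Random polynomial of degree threshold-1 with the secret as constant term.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, num_nodes + 1):  # never x = 0: f(0) is the secret
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def interpolate(points: list[tuple[int, int]], x0: int) -> int:
    """Lagrange-interpolate the polynomial through `points` and evaluate at x0."""
    xs = [x % PRIME for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("share indices must be distinct")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x0 - xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def reconstruct(shares: list[tuple[int, int]]) -> int:
    """Recover the secret, f(0), from at least `threshold` shares."""
    return interpolate(shares, 0)


def forge_missing_share(partial, guess: int, x_new: int) -> tuple[int, int]:
    """Given threshold-1 shares and ANY guessed secret, compute the share that
    would make that guess correct. One exists for every guess, which is why
    fewer than `threshold` shares disclose nothing about the real secret."""
    return (x_new, interpolate([(0, guess)] + list(partial), x_new))


if __name__ == "__main__":
    seed = secrets.randbits(256)  # constructed sample seed
    shares = split_secret(seed, threshold=3, num_nodes=5)
    # Nodes 2 and 4 unavailable: the remaining three still rebuild the seed.
    assert reconstruct([shares[0], shares[2], shares[4]]) == seed
    two = shares[:2]  # someone holding only 2 of the 5 shares
    forged = forge_missing_share(two, guess=42, x_new=3)
    print(reconstruct(two + [forged]))  # 42: two shares fit any secret
```
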
The Keyless protocol specifies the cryptographic operations carried out on the user device such as secret sharing and encryption of seed and the biometric template along with the different mechanisms for interaction between the user device(s) and the Keyless network nodes.
To attempt to spoof the system using compromised user biometrics, the attacker also needs access to the user's enrolled trusted device. The Keyless Network checks that the device is enrolled and authenticates it every time the user tries to authenticate to the system. So, the spoof attempt needs to be performed before the stolen device is revoked by the user. Additionally, Keyless uses liveness detection techniques to detect and block spoofing attempts.
This is to mitigate a common and major attack vector where the adversary tries to attack the system from their own device. The adversary cannot use any device that has not been enrolled to authenticate to the network: the device needs to be enrolled first and authenticated every time the user tries to interact with the Keyless network using the enrolled device. The device effectively acts as a two-factor authentication token.
To perform a Denial-of-Service attack, the attacker needs to attack all the Keyless nodes simultaneously. However, such an attack is extremely difficult because of the distributed nature of the Keyless network. As long as a threshold number of servers are available, the availability of the Keyless network is ensured.
Currently, Keyless supports face recognition. However, the protocol is designed to allow several biometric modalities including fingerprints, iris scan, and retinal scan.
Keyless automatically updates the user’s biometric template over time to account for natural changes in the user physiology and appearance. The Keyless network accepts updates to the user template only after successful authentication.
Keyless captures the facial features and extracts embeddings from the captured face using a neural network; the extracted embeddings are used for seed and key generation. The biometrics are as reliable as the capture and extraction of features are.
Keyless supports modern liveness detection techniques to detect that a picture is in front of the camera, and rejects the authentication attempt. These techniques seek to allow a biometric system to determine whether the biometric data used for authentication is from a living person, rather than from a photo, a mask, or a video. Liveness detection can be passive or active.
With passive liveness detection, a face recognition system uses minute face movements due to breathing and natural changes in expression to determine that the biometric data being extracted is from a live individual rather than a photo or a mask.
Active liveness detection involves a challenge-response mechanism: the authentication system asks the user to perform a randomized set of actions (e.g., look up, look left, blink twice), and checks whether the user has performed these actions correctly. These mechanisms prevent the use of pre-recorded videos of the legitimate user for the purpose of circumventing an authentication system.
Yes, Keyless conforms to the GDPR principles of lawfulness, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality and accountability. The user knows the flow of all their information in the system, so Keyless is transparent and lawful. The user biometric data is encrypted and shared among all the servers; the servers do not (and cannot) use the encrypted shares for any purpose other than storage, which meets the second principle. The user stores no more information than what needs to be stored. The information stored in the system is updated by the user: its accuracy and updates are all controlled by the user, and Keyless does not process or utilize the stored information in any way. The different cryptographic tools used in the Keyless protocol ensure that the data remains confidential and is available to the user at all times.
Keyless uses secure multi-party computation to match the template with the authentication sample. Specifically, the Keyless protocol implements “comparison” between encrypted biometrics, and the secure multiparty computation together with biometric extraction is optimized to work in tens of milliseconds.
Biometric matching is performed on our nodes, rather than on a device that is potentially in the hands of the adversary. There are several security issues associated with local authentication: (1) the authentication result cannot be trusted in the network, and therefore cannot be trusted by the network, for instance, to release shares of cryptographic keys; and (2) if the device is physically in the hands of the adversary, it is possible to bypass authentication by editing the content of the device’s memory. Keyless addresses these and other issues by performing matching in the network, rather than locally on the user’s device.
We understand there can be situations where you'd prefer to manage the Keyless Stack yourself instead of relying on Keyless Infrastructure to do the heavy lifting.
For this reason we're making available to customers the possibility to deploy Keyless services on Kubernetes. To do so please check out the link below