Trying Out AuthWallet
The AuthWallet iOS and Android apps allow users to respond to challenges sent from services.
It's part of Privakey's class-defining Transaction Intent Verification (TIV) suite - a user-friendly way to add password-free authentication and authorization to any service. Visit Privakey to learn more about how Privakey can transform your user interactions.
Other elements of our TIV suite include:
Privakey CX Server - The CX server can be licensed and deployed in your own datacenter and brokers challenges from existing services to their end-users.
Privakey CX Cloud Server - A cloud-deployed CX server hosted in IBM's super-secure Hyper Protect infrastructure. Privakey CX Cloud lets services access the TIV suite without deploying and managing a Privakey CX Server of their own.
Privakey Libraries - iOS and Android libraries that allow services to add Privakey to their existing mobile applications.
The AuthWallet application enables the following core use cases:
- Bind a service account to AuthWallet
- Authorize challenges (including authentication)
Additional capabilities include:
- Service Management
- PIN Change and Reset
- Biometric Management
Get the Application
Before beginning, get the application at the iOS App Store or Android Play Store.
Creating an Account on our Demo Site
In a real-world implementation you would bind your Privakey AuthWallet app to, say, a financial institution that supports Privakey TIV. To test the capabilities of the application, we have deployed a demonstration service at https://demo.privakey.com. This simple site will serve as a proxy for a real service during this test / demonstration. Due to a current limitation in the demo site, you should navigate to it in a computer browser (not on the device on which you've installed AuthWallet).
Beneath the large orange button there is a link to register a new account. Click on this and create an account. We ask for an email both to mimic a standard service's user ID process and to ensure a unique ID for users of this server. The email is not and will not be used for anything other than the demo service.
Back on the phone
If you're launching the AuthWallet app on your phone for the first time (or have never bound a service), you will be presented with a flow to add a new service. Click through until you get to a QR scanner and scan the QR code presented in your browser. You will be asked to select a PIN. The PIN will be used if your device does not support biometrics, if you have disabled biometrics on the device, or if a biometric read fails.
Lastly, at this point you'll be prompted to enable biometrics.
(If you've already bound Privakey, use the menu and select Add Service; you won't have to set up a PIN because you've already set one previously.)
PINs and Local Biometrics are better than Passwords
In most authentication modalities, PINs, while typically shorter and inherently less entropic, are more secure than passwords. Why? Properly implemented PINs are never stored on a remote server and are used computationally, locally on the device, ideally in secure elements, to verify a user. Conversely, passwords are stored remotely and must be transmitted to the remote server, which opens up a number of vulnerabilities hackers love to exploit.
Local biometrics can be even better. Similarly, they're stored only on the user's device and are used computationally to identify the user. In sophisticated implementations, which both iOS and Android provide, biometrics offer a strong blend of usability and security that is hard to beat.
Back on the browser, playing with AuthWallet.
Return to the browser, authenticate to our Demo Site and send yourself a few TIV challenges.
Logging in to the Demo Site
Now that your account has been bound, logging in is straightforward. Enter the email address you used to create an account on the site a couple of steps ago and click the large Login button. You will get a notification on your device. Click on the notification, review the challenge and respond appropriately. Your authentication is now complete.
Send yourself some challenges.
Once authenticated, you'll see some sample, canned challenges we've configured. Simply click on them to have them sent to your device. In an actual implementation these challenges would likely be generated by rules engines or other logic... but this is just a simple demo.