Mobile Passwordless Authentication

Empower, delight and protect your users with
passwordless multi-factor authentication on their phone.

Frictionless Authentication For Mobile And Web Applications

Enable your users to turn their own phone into a secure hardware device and log into mobile and web apps. Mobile users can easily log into your app with a biometric scan on their own mobile phone, backed by a PIN. Web app users can scan a QR code or PIN, that triggers a secured push notification on their phone and confirm that notification by pressing that button.

Stop Account Takeovers Today

Fend off phishing, guessing, brute-forcing and man-in-the-middle attacks. Our solution stores public keys at the server, allowing the server to verify users but not to impersonate them.

Patented True Multi-Factor Authentication™ Technology

Our patented True MFA™ technology prevents an attacker who controls either the nextAuth server or the user’s mobile device from impersonating the user. Additionally, our technology ensures logins, authorizations, and signatures made with the nextAuth mobile SDK are non-repudiable. Here’s how:

Fully Brandable

You can give nextAuth your own colours. Deploy our white-label app as your own or easily implement our mobile SDK into your own app.

Guaranteed Non-Repudiation

The nextAuth technology enables your user’s to sign documents and confirm transactions in complance with eIDAS requirements. Our advanced assymetric public-key cryptography guarentees the authenticity of of signatures and makes them court-admissible.

Repel Push Notification Attacks

Our rate limiting feature limits the number of push notifications a user or a bad actor who impersonates a user can trigger. This eliminates the risk of a user being coerced into accepting an authentication request due to an extremely high number of push notifications.

Device recognition detects from which device a push notification is requested and only allows requests coming from a device that’s already been used. This makes it impossible for attackers to impersonate a user remotely and from a different device than the user usually uses.

Users are unable to trigger a new push notification after a prior one has been rejected. Our mobile authentication system requires users first log in with using a QR code before a second push notification can be requested. It is thus impossible to trigger many push notifications if the first one is rejected.

Seamless Integration And Wide Coverage

The nextAuth server runs either on-premise infrastructure or on your cloud. The RESTful API and integrated IdP via SAML or OIDC guarantee seamless integration into a wide array of applications and systems. Our dedicated integration specialists provide support throughout the integration phase.

Quickly Onboard Millions Of Users

The flexible technology, solid mobile SDK, and RESTful API allow your company to rapidly and seamlessly scale your app to new markets and quickly onboard millions of users.