Our secure Authenticator app was built from the ground up with security by design, privacy by design and convenience in mind. It was made by developers for developers. Our custom PAM module is built following the NIST standards and is available as a separate download.
A hardware generated key is stored inside smartphone's HSM chip such that it cannot be extracted. Only you can access it by unlocking your smartphone with your preferred unlock method including biometrics (fingerprint, faceID, etc.).
Using key-based authentication, no passwords and two factor authentication, has undoubtedly become the de-facto standard today to secure and harden your servers when remotely accessing them via SSH. However, current 2FA authentication solutions are based on shared knowledge and require users to type in six-digit TOTP codes on every authentication or even with every transaction made with the servers.
Multi Factor authentication without having to enter 6-digit codes.
Access your servers as usual via SSH command in the terminal and approve the login on your smartphone. Your device lock (e.g. Fingerprint, FaceID) acts as your second factor. No time-based codes that expire, no manual entry.
Using the SSH Authenticator enables strong authentication by default.
When using the SSH Authenticator, every transaction such as authenticating to the server or authorizing file changes, multiple factors are used (e.g. biometric and possession of the smartphone).
Say goodbye to phishing and weak, knowledge-based factors.
With the SSH Authenticator and the PAM module by IDEE, it is impossible to hijack a user account without physical access to the smartphone and the strong factor used to protect access to the device (e.g. Fingerprint, FaceID). There are no credentials or shared knowledge stored on servers or known to the user that attackers can obtain or phish.
Even administrators can't know your login credentials.
IDEE's SSH Authenticator operates using fully decentralized credentials, stored inside the secure element of your smartphone. Administrators don't know your credentials and the credentials cannot be leaked.
Spot and end any unwanted or forgotten session directly in the app.
Forgot to log out or spotted a suspicious session to your servers? End any active sessions directly in the app. The session will be terminated immediately.
Get verifiable assurance with every authentication.
Unlike other authenticators, SSH Authenticator by IDEE provides a verifiable assurance of the user that authenticates to the server in the authentication response. This way you can rely on the integrity, non-repudiation and provenance of the authentication.
Automatic synchronisation to multiple devices for all connections.
Use multiple devices as authenticators without having to manually add every server on every authenticator. When you add a new device, all existing connections are activated on your new device, as well. No re-enrolling, no QR codes or manual key entry required.
Easily recover access to all your servers in case a device is lost or stolen.
Typically, if you lose your Authenticator Device you’re screwed. Our back-up features with decentralized keys and backup codes ensure that you can independently restore your access to new devices . No helpdesk or administrator involvement required.
A user experience that is super seamless, flexible and just overall awesome.
We build the complete process with users in mind. Users get a simple one click authentication experience while maintaining the strongest level of security. A great user experience and exceptional security can go hand in hand, after all.
Require multiple users to authorize e.g. to make changes to files.
Securely authenticate to embedded systems such as Armbian or Raspbian.
Our zero knowledge solution does not store any PII about users, however we can provide access log details that when combined in your identity or user management will allow you to create an audit trail of past actions. Coming soon the audit trail will make use of our existing blockchain infrastructure to become immutable.