AuthN by IDEE

Kiosk MFA

Revolutionizing secure access for shared devices with MFA 2.0.

Request a Demo
Architecture

Traditional shared-device authentication is flawed by design.
So we revolutionized it.

Step into a world where secure access is instant, phishing is powerless even on shared devices.

What we removed from the equation
NFC Cards & Hardware Tokens
Lost, forgotten, and impossible to manage at scale
Shared Passwords Between Shift Workers
One compromised shared password cascades across every connected system
Slow Windows Login Cycles
Daily operations stalled by shared PCs at shift change
IT Helpdesk Lockout Calls
Forgotten credentials on shared devices flood the helpdesk every shift change
High Maintenance Overhead
NFC cards and hardware tokens require constant procurement, replacement, and IT management cycles that never end
What replaced them

The shared device itself becomes the authenticator. Users register once with their secret and a device PIN. That's it.

Every subsequent login both on that device or any Kiosk device becomes a two-second unlock. No card, no phone, no code.

Powered by TPM/Secure Enclave, AES-256-Bit & ECC-512 encryption, and Post-Quantum Cryptography using NIST ML-KEM hybrid mechanisms.

Kiosk MFA

The Architecture behind Kiosk MFA

No shared secrets. No external hardware. Every login cryptographically bound to one individual. On any shared device.

Kiosk MFA is built on MFA 2.0
Four factors that render
Credential theft
Obsolete.

Built on public-key cryptography, there is no password on the network to steal, no push to approve, no code to intercept. Shared devices now have individual cryptographic identities for each individual.

Keys stored in TPM / Secure Enclave
Cryptographic keys are hardware-bound and never extracted or transmitted.
No cards. No phones. No tokens.
Register once with a secret and device PIN. The shared device becomes the authenticator for that individual.
Deploys in minutes. No agents.
Rolls out across all shared devices with no hardware procurement and no ongoing maintenance cycles.
Post-quantum cryptography
AES-256-Bit & ECC-512 encryption with NIST ML-KEM hybrid mechanisms. We are ready for the Post-Quantum Cryptography (PQC) world.
How It Works

Register once. Access any Kiosk device instantly.

Step 01

Register on any Kiosk device (desktop or handheld) once

In just a few seconds

Step 02

Unlock any Kiosk device with secret & device PIN

Log in securely with MFA 2.0 — in seconds

User unlocks device with their secret and device PIN to register for the first time
Cryptographic device private key + user secret registers the user
Device is now an authenticator
Logged in securely without NFC cards, phones, or tokens
Fast Deployment
Live in under 15 minutes
No-code configuration
Supported on all devices made since 2016
Loved by IT
4.8/5 on G2 Reviews
No agents, no hardware, no maintenance
Eliminates token provisioning headaches
Prevents credential phishing and MFA bypass
Works on any device made since 2016
Loved by Users
Switch users in seconds — not minutes
Register once for any Kiosk device
No NFC card, phone, or token needed
Security Transformation

The difference one deployment makes.

Day 0
Before Kiosk MFA
Day 1
After Kiosk MFA
Credential Phishing
Fake login pages harvest shared workstation credentials instantly
Phishing: Structurally impossible
No password exists on the network. Phishing returns nothing
Shared Password Exploitation
One leaked password compromises access for every shift on every device
Shared passwords: Eliminated
Every login cryptographically attributed to one individual
AiTM & Session Hijacking
Active sessions on shared devices are prime interception targets
Sessions: Device-bound
Keys never leave the TPM/Secure Enclave nothing to intercept
Insider Threats
Shared logins make audit trails meaningless with no individual accountability
Insiders: Full audit trail
Individual login with individual accountability
MFA Fatigue / Push Bombing
One tired worker approves a malicious push and the whole shift is compromised
Push bombing: Doesn't exist
No push notification model means no prompt to manipulate
Business Impact

Security and savings. Not a trade-off.

100%
Every shared-device attack vector closed

Credential phishing, shared password exploitation, AiTM, session hijacking — all structurally impossible.

<5s
Per shift handover login

Compared to 8–10 minutes with Windows login + NFC card. In a 200-person ward, that's hours recovered every day.

Zero
Hardware token spend

No NFC cards, no YubiKeys, no provisioning process, no lost-token helpdesk tickets. Cost disappears on day one.

Pharma

Pharmaceutical manufacturer secures 1,350 shift workers with Kiosk MFA

Business email compromise via shared credentials had become a recurring threat. AuthN Kiosk MFA was deployed enterprise-wide in a single deployment window, eliminating the shared credential risk across the factory floor.

1,350
Users protected
1 day
Deployment time
Standards & Compliance

Compliant from the moment you go live.

Regulators are requiring MFA for all users, including retail, factory, and shift workers, as the minimum bar. Kiosk MFA meets these requirements without any additional configuration.

AES-256-Bit & ECC-512 encryption. Post-Quantum Cryptography using NIST ML-KEM hybrid mechanisms. No biometrics used — zero PII and zero Knowledge by design.

NIST SP 800-63B FIDO2 / WebAuthn PSD2 SCA SOC 2 Type II NIS2 Directive ISO 9001 GDPR Post-Quantum Cryptography DORA

Authenticate with confidence.
On every device, every shift.

Kiosk MFA makes enterprise-grade phishing-proof security accessible for every frontline worker — without adding a single piece of hardware.

Request a Demo