General

We believe that identities are too sensitive to be managed from the cloud, let alone by organisations that make money from displaying adverts based on people's profiles. But we also believe that websites shouldn't need to reinvent the wheel when moving from passwords to more modern authentication methods. Whatever the future holds, Authentiq has your back in terms of authentication.
All information in Authentiq ID is encrypted and can only be accessed by presenting the phone's passcode or using a fingerprint. You can also set a 6-digit application PIN code for additional security. The secret key used to encrypt and authenticate your identity never leaves the phone and is not backed up online.
Authentiq Connect is built to be as simple and transparent as possible, using proven protocols. It persists no user passwords or secret keys in the cloud, TOTP initialisations are kept under a hashed key and we do not store any profile data permanently except for the duration of the user session.
 

Authentiq ID app

In short: No worries, your profile information is safe!

All information is encrypted and can only be accessed by presenting your phone's passcode or your fingerprint. On top of that you can set a PIN code in the Authentiq ID app for even greater security. The secret keys for encryption and signing actually never leave your phone and are not included in any backup. Instead, create a printout of the keys and keep that safe at home to easily be able to restore your identity on a new device.

And for your peace of mind, you can also remotely wipe the information using this printout.

Even though you're more likely to leave your keys at home than your phone, we've all been there. Authentiq makes it easy for websites to support multiple authentication methods for users. Whether or not you will be able to access a specific site or service depends on the provider of the service and the policy they have in place. Some may still provide access with username and password, while others may have enabled a temporary password by email. Please check on the site what policy applies.
Unless this person knows both your phone's passcode and the PIN of the Authentiq ID app, they will not be able to use your identity.
Currently we support backups to iCloud for iOS and to Google Drive for Android. Note that your secret key is not backed up to any of the cloud platforms and without it your backup is useless. Make sure to print the secret key from the app and store it in a safe location. Whenever you install and open the Authentiq ID app for the first time, it will check if there is an encrypted profile available and give you the option to restore it using the printed secret key. Treat the key as your cryptographic identity.
No problem! Open the Authentiq ID app, and find the session either in the home screen or under Recent. Select the session and touch 'Sign out' on the top of the screen.
 

Authentiq Connect integration

When setting up Authentiq Connect for your website, initially it is placed in "setup mode" so you can readily test it in your development environment. Before you deploy, make sure to specify at least one redirect URI for your website (client) in the Authentiq Dashboard.
Authentiq Connect supports passwordless authentication via Authentiq ID, and two-step verification via standard TOTP apps like Google Authenticator. We will soon add support for magic links, SMS and email-based authentication, and U2F-compatible hardware tokens like Yubikey. Authentiq Connect is OAuth 2.0 and OIDC compliant for easy integration in websites.
We are fully aware that we need to support a wide range of browsers and versions, even today. Authentiq Connect is actively tested with the latest versions of Chrome, Firefox, Safari and IE, but works with any modern browser. In particular there is no reason to experience problems with Chrome 16+, FF 11+, Safari 7+ or IE/Edge 9+.
Yes you can. You decide whether to enable usernames & passwords, two-step verification and/or passwordless authentication methods, what fallback methods to allow, and how to on-board customers to the enhanced authentication methods.
At the moment Authentiq Connect is offered as a highly scalable service running on Amazon ECS. In the future we plan to make Amazon AMI and Docker images available for private deployments. Please let us know what your requirements will be so we can accommodate for them on our roadmap.