Usernames and passwords are not very secure, but simply adding proper multi-factor authentication (MFA) to your most sensitive apps can reduce your likelihood of getting hacked by at least 80%. The problem, however, is that most MFA products add several time-consuming and inconvenient steps for the user. Also, simply using an MFA solution doesn’t necessarily mean you’re more secure, as some forms of MFA used by sites, are known to be less secure (such as text messaging based verification codes). In order to comprehensively secure your computer as well as your personal apps and services, on all your devices, multiple products must typically be cobbled together.
SAASPASS cuts through that complexity and is the only identity and access management tool you need to secure your personal data, a comprehensive and frictionless solution fully-secured with dynamic passcodes and out-of-band multi-factor authentication. With a single product, it allows you to use your mobile phone or other enabled device to manage all your digital and physical access needs securely and conveniently.
SAASPASS is the only identity and access management tool you need to secure your corporate network, a comprehensive and frictionless solution fully-secured with dynamic passcodes and out-of-band multi-factor authentication. Whether logging into your work emails and company apps, accessing your personal online bank account, making purchases at online retailers, browsing social media, or even unlocking the door of your car, home, or hotel room, SAASPASS allows you to use your mobile or other enabled device to manage all your digital and physical access needs securely and conveniently.
For more industry-specific information, check out our White Papers.
SAASPASS secures organizations and individuals primarily by adding multi-factor authentication with dynamic passwords from the operating system level all the way down to individual apps and services, integrating seamlessly with both on-premise and cloud applications. Because cloud applications are accessible from many locations, authentication security is paramount. Most enterprise cloud platforms (like Google Apps and Salesforce) are accessible both inside and outside the office, and from a variety of different devices, leaving corporate network perimeters dramatically more extended and exposed than just a few years ago. With SAASPASS, users can authenticate to their corporate and personal apps and services securely and conveniently, without an easy-to-steal or guess static username and password, and regardless of their location or device.
Also, because SAASPASS offers the full-stack of identity and access management solutions in one product, it’s able to provide seamless and integrated security without the risk of security holes and cracks that result from stitching together different products. The usability and convenience inherent in such a comprehensive design also reduces circumventions. Other, intrusive or tedious security products, or combination of products, encourage employees and other individuals to find ways to evade security measures.
In addition to being a beautiful and super cool marine mammal, the orca, also known as a “killer whale,” represents SAASPASS’ mission of “killing” the password.
In the marketplace of identity and access management (IAM) solutions, enterprises often cobble together two or more solutions in order to meet their needs, for example, pairing a single sign-on product with an MFA hard token. There are obviously extra resources involved with managing multiple solutions from different vendors, but just as important are the inevitable cracks and seams resulting from relying on a patchwork of products. Some of these fragmented solutions are less secure; others are simply less convenient. SAASPASS offers seamless security and greater convenience for less time and cost to you and your organization.
By providing a comprehensive and frictionless solution fully-secured with dynamic passwords and multifactor authentication, SAASPASS is the only IAM tool you need to secure your corporate network or your own personal data. However, its advantage is not simply in its range. SAASPASS has engineered each of its features to be independently second to none. Using out-of-band MFA with dynamic passwords, SAASPASS enables you to securely authenticate and login to your Mac or PC from your mobile phone or wearable device.
Other IAM products are typically designed for enterprise, while some are geared towards individuals. These two approaches are often viewed as separate or incompatible, the result being that individuals are frequently forced to use a different solution to secure their personal data at home as they do at work. SAASPASS takes a very different approach to IAM with its individual-oriented enterprise solution. SAASPASS understands that for an organization to be truly protected, its security perimeter must be extended to protect its employees, suppliers, and subcontractors--anyone with access to the corporate network. A password breach of an employee using Facebook, for example, on his or her personal computer in an airport or at a Starbucks, can provide just enough information for a hacker to gain access to that employee’s corporate network. SAASPASS extends the security perimeter without compromising the individual’s privacy. The SAASPASS ID serves as a key to the network, but it is owned by the individual, not the enterprise. When an employee changes jobs, he or she doesn’t get a new bank account or a new driver’s license, and yet, most likely both are required to operate as an employee. Employers don’t own an employee’s identity, and yet they are vulnerable if that employee’s identity is compromised. Personal and enterprise security are inextricably linked. Unlike other IAM products, SAASPASS has crafted its solution with this important reality in mind.
SAASPASS also distinguishes itself from others because of its unrelenting attitude towards passwords. Other products, particularly password managers and app authenticators, and even many single sign-on solutions, seem content to help users manage passwords or facilitate their use. SAASPASS does not accept the status quo and strives to replace passwords wherever and whenever possible. By continuously expanding our list of secure links to apps, SAASPASS will not stop until passwords are eradicated. Leave your mother’s maiden name and childhood pet back in the 20th century where they belong! It’s time to commit pass-ticide. Move beyond passwords with the only full-stack identity and access management solution.
SAASPASS works seamlessly on iPhones, Android phones, Blackberry, and many feature phones. Over 350 Java MIDP2 enabled mobile phones have been tested and certified through our extensive internal quality assurance process, and we constantly test and certify new models as they become available.
SAASPASS works basically like a traditional lock and key system, where your “key” is your mobile phone or other SAASPASS-enabled device, and the “lock” can be a computer, a smart lock on your car or home, an IoT device, and so forth.
Multi-factor authentication (MFA) can drastically reduce the risk of hacks, but both the ease-of-use and the level of security provided by different MFA solutions vary widely across the spectrum. Sending and receiving dynamic passcodes by SMS, for example, as some MFA solutions do, should hardly be classified as MFA, as the message is highly vulnerable to interception in man-in-the-middle attacks. Also, passwords should be dynamic, so that even if acquired, they cannot be reused or sold. Only out-of-band MFA solutions with dynamic passwords, such as SAASPASS, offer the high levels of security associated with MFA.
As for convenience, typical MFA solutions require anywhere from 4 to 6 steps in order to securely sign in. SAASPASS can do the same in just a single step, with just a touch of a biometric sensor. SAASPASS provides strong and frictionless MFA through its mobile app and on a number of mobile platforms that include iPhones, iPads and Androids among others. The random number generated through the mobile app can be used to authenticate to any website, service, or device through either our Authenticator format or through custom integration using our RESTful APIs and SAML adapters to over 300 of the top SAAS products.
The one-time passcodes are generated by the SAASPASS app which is available on nearly every mobile device on the market today: iPhones, iPads, Android phones, Android tablets, Blackberrys, and Java ME feature phones.
In cases where an app or service does not enable 2FA, SAASPASS still serves as a traditional password manager, authenticating to those apps automatically with just a stored username and password.
This capability is particularly important for authenticating securely to PACS. Many PACS that claim to be secure are only encompassing the security of encryption of the transport layer for the credentials, which for the most part still rely on static credentials opening them up to attacks. Building SAASPASS into your PACS using our RESTful APIs allows users to authenticate to your smart lock or PACS using dynamic passwords (always changing).
This capability is particularly important for securing IoT devices. Many IoT devices that claim to be secure are only encompassing the security of encryption, and almost 100% of IoT devices still rely on static credentials. Building SAASPASS into your device allows users to authenticate to the device using dynamic passwords (always changing), even when those devices are offline (i.e. during a power outage or an earthquake).
A mobile device, which typically is in an owner’s possession at all times, can be considered a trusted device. The window of opportunity for a thief to commandeer a phone without notice is substantially smaller than stealing an ID badge or token --you realize your phone is gone long before you miss any key fob or card. This short period gives one the opportunity to take preventative action before any damage is done.
The greatest threat to your cybersecurity is not from a physical attack, but through a remote hack, and hacking is exponentially more difficult to do on a SAASPASS-enabled device. Compromised passwords and user credentials are the number one source of hacks, and SAASPASS virtually eliminates this risk through its design and layered use of proper out-of-band multi-factor authentication.
However, even though mobile devices have natural security advantages over computers, SAASPASS takes sandboxing and other security precautions even further through its use of out-of-band multi-factor authentication, encryption, and device management to alert you in case of unauthorized use of your SAASPASS ID. The connection from your mobile device to your cloud-based or on-premise apps is secure and encrypted, and uses multi-factor authentication with dynamic passwords, so there is no backdoor.
Also, even though the mobile device is the “key” that unlocks your computer or other device, you still must unlock the key itself through a PIN code or biometric fingerprint. This PIN code uses our own custom-built keyboard platform which can even be randomly scrambled at each use for extra security.
Please check out our User page for clear instructions and tutorials.
Yes, of course! Pair your smartphone, tablet, work computer and personal laptop with a single SAASPASS ID. Each time you add a new device, synchronize all the devices online.
A smartphone is not required to run SAASPASS. The SAASPASS mobile app runs on any of the following devices:
Yes. The SAASPASS admin console has detailed instructions for how your admin can pair a hard token with a SAASPASS ID.
The computer connector modifies login at the OS level to require a second factor of authentication--the dynamic passcode generated by your SAASPASS or other integrated token. Additionally, the computer connector comes integrated with a Single Sign-On agent and most necessary plug-ins for Proximity on Macs. Depending on your browser, however, you may still need to download a plug-in specific to your browser.
No, but the app itself comes in numerous languages.
The browser will prompt you to download an extension, if needed. This can be downloaded directly from the SAASPASS site, or through reputable stores such as the Firefox or Chrome extension stores.
If you’ve just downloaded SAASPASS, and you have El Capitan or Mac OS 10, there is no need to download patches. The downloadable patches are for users with older versions of SAASPASS and older versions of the Mac OS.
The auto-pairing is intended to work when you don't have 2FA active on your account to begin with. If you already have it, via Google Authenticator, you would first need to turn it off. Then, add it again, saying you will use an Authenticator app. But instead of using the Google Authenticator app, you would scan the pairing code with your SAASPASS app, type in the pairing code, back into the service you are using, and you'll be done. If you want to use SAASPASS's single sign-on capabilities, you would also need to save your password under that authenticator in the SAASPASS app. SAASPASS would essentially replace your Google Authenticator app. SAASPASS has a number of security and usability advantages over the Google Authenticator, including that the seed is encrypted and protected by your PIN entry or Touch ID. Also, you are able to clone it if you want onto other devices such as a backup phone, a tablet/iPad etc... as well as the ability to turn on Recovery should you wish.
If your computer won’t accept your OTP code, first make sure the clock in your computer is in sync with the one on your mobile device. If necessary, change the time on your phone to be synchronized with the computer.
If that doesn’t work, try restarting your computer. Automatic computer updates can sometimes cause the computer’s username and password to be rejected until the computer is restarted.
If SAASPASS will still not let you log in, please contact our support team.
Yes. Users can login manually or through the Proximity Feature, with full dynamic MFA, even when offline.
This is a security measure. When SAASPASS senses it has been updated, it connects to SAASPASS servers to verify that the app update was an official update.
After your computer runs updates, occasionally you must power off your computer completely, then restart. If you are still locked out, please contact our support team.
When you change the login password to your computer, you must also change it in the mobile app. Click on the computer in the Computer Login section of the mobile app and enter in the new password.
After your Mac runs updates, occasionally you must power off your computer completely, then restart. If you are still locked out, please contact our support team.
In the mobile app under Settings, select PIN Settings. In the menu, turn on the method you would like to enable.
The Proximity Login feature enables users to authenticate and unlock their personal laptops and desktops, or firm laptops and desktops controlled with active directory--using dynamic multi-factor authentication--simply by being in close proximity to their computer. The feature works using location-based iBeacon Bluetooth Low Energy (BLE) technology, and it requires a downloadable plug-in which is included when you download the computer connector for Macs.
Pair, unpair, and manage devices with your SAASPASS mobile app, Proximity-based authentication works on Bluetooth-capable devices and uses the Bluetooth low-energy format, so SAASPASS Proximity is extremely battery-efficient, and does not require an Internet connection. Most mobile Apple devices (iPhone 4S onwards) and most Apple Macs (2011/2012 onwards) support BLE and the list of supported platforms is increasing every day.
Yes. To customize your pairing settings for the Proximity Login feature, go to Settings in the mobile app under Settings, and select Proximity. Choose your preferences from this menu.
In the mobile app under Settings, select Proximity. Customize your preferences in this menu.
Your computer must have an Internet connection to use the barcode scan login feature. Without a proper Internet connection, the QR code will not load and display properly. If you do have an internet connection, but it’s still not showing a QR code, then it means a firewall or other network configuration is blocking one of the Ports needed by SAASPASS.
Scan barcode is available on iPhones, Android phones and Blackberry 10 phones. Scan barcode is also available on most iPads, and Android tablets.
The Remote Login feature works through an Internet connection, turning your mobile device into a remote secure key that can unlock and launch devices and applications using dynamic multi-factor authentication.
Similar to the Remote Login feature, the Push Login feature allows users to login to apps with the push of a button. However, while Remote Login works on devices paired with a user’s SAASPASS ID, Push Login requires no plug-ins or any other downloads, so it can be useful for login to a public or shared computer.
After typing in your computer login and password manually, enter in the dynamic passcode listed in your mobile app for the select computer. This can be done even without an Internet connection.
While single sign-on products are often used by organizations to secure links to cloud-based apps using a SAML protocol, eliminating the need for passwords, password management products typically just store and populate usernames and passwords into a browser. These are often used by individuals, rather than enterprises, as they are more about convenience than security. Through its Authenticator format, SAASPASS is able to integrate a 2FA security layer into its password management flow, providing the same level of convenience as other password managers, but with added security.
In cases where an app or service does not enable 2FA, SAASPASS still serves as a traditional password manager, authenticating to those apps automatically with your stored username and password.
No. If you click “save my password” when prompted, you are telling the browser to save a password, but if you have already set up SAASPASS password manager, then the passwords are securely saved in your SAASPASS account, and don’t need to be saved in the browser, which is at times one of the stores of information most easily exploited by attackers.
In the Authenticator section of the mobile app, click on the “+” for a number of app integration options. If you select “Choose Authenticator,” you can select from our hundreds of supported applications and integrate automatically using the ready code we have created.
If you are currently using Google Authenticator (or another Standalone Authenticator), in order to transfer your authenticated apps, you should first turn Google Authenticator off. Then, add it again, this time opting to use an Authenticator app. However, instead of using the Google Authenticator app, scan the barcode with your SAASPASS app, type in the pairing code, and you'll be done. To use SAASPASS' single sign-on capabilities, you will also need to save your password under that email address in the SAASPASS mobile app. SAASPASS would essentially replace your Google Authenticator app.
SAASPASS has a number of security and usability advantages over the Google Authenticator, including that the seed is encrypted and protected by your PIN entry or Touch ID. Also, you are able to clone it if you want to onto other devices such as a backup phone, a tablet/iPad etc... as well as the ability to turn on Recovery should you wish.
We currently support hundreds of applications listed here. If we do not currently support an app that is under your own control, please see our Developers site for instructions on how to add your app. If you are unable to add, or if you’d like to authenticate to a third-party application that we do not currently support, please contact our support team.
If an app or service does not allow two-factor authentication, you can still use SAASPASS as a password manager for your convenience. When you click on that app, your username and password will be automatically populated for convenient sign-in, but for that app, you will not have the added security of multi-factor authentication. If you’d like to authenticate to a third-party application that we do not currently support, please contact our support team.
In the mobile app, under Settings, select “Erase My Data.” Click “Continue” and you will be asked to authenticate again as an added security measure. Next, select the apps you wish to erase. Never erase an App if you still have authentication with 2FA / MFA turned on for that app, as you will be unable to login without the code.
In the mobile app, under Settings, select “Custom Menu Layout.” From there, you will be able to rearrange your menu as desired.
The Scrambled Keypad randomly changes the order of the keypad when turned on, to add additional security to the PIN on your mobile app so that people in your vicinity won’t be able to guess your PIN based on where on the screen they see you touching.
No. Apple currently doesn’t allow any third-party 2FA / MFA.
Yes. If our SAASPASS APIs are used to integrate a smart lock or other device, you can “lock” or “unlock” a door or item from your mobile device just as you would a computer.
The Locker feature allows users to store important and sensitive information (i.e. passport numbers, credit card or bank account information) in an encrypted, sandboxed vault on their device. Only the user can access his Locker. Users can opt to turn on synchronization between devices, which enables the information in the Locker to be accessed and synchronized on any of his cloned devices, and for the information to be restored in the event of a SAASPASS recovery.
In “Open in App” on the mobile device, a user signs into a service through a browser built into the SAASPASS app, at which point the username, password, and dynamic one-time-password are automatically populated.
In “Open in Browser,” the user must manually enter in his or her username and password for that app, then press “paste” when prompted for the dynamic code (SAASPASS automatically copies the relevant dynamic code to the user’s clipboard). Because of the manual entry, the In-Browser function is slightly less convenient that the In-App function, but in some cases, depending on the app, it can provide the user with a better interface.
Yes. Your SAASPASS ID belongs to you and is portable. It can be linked to multiple companies. The admins at each company have zero access to anything in your SAASPASS app except for the specific corporate apps and services in their network to which they configured you.
When you are deprovisioned from a corporate network, you lose access to all the corporate apps and services, and these instantly disappear from your mobile app. Your personal apps and services remain, as well as any corporate apps from other employers you may have.
In Device Management, under Settings in the mobile app, you can view all your SAASPASS-enabled devices, and delete any as needed.
If you set up recovery options before your phone was disabled, lost, or stolen, then you can now initiate a recovery. When you download the app on your new phone, and run a recovery, your SAASPASS account will automatically clear from your original device. Here are detailed instructions: https://www.saaspass.com/how-to-recover-saaspass-id-account.html If you have not previously set up the recovery options, and you have not cloned your SAASPASS ID onto another device, you must now set up a new account.
To remove or disable a SAASPASS-enabled device, go to Settings in the mobile app. Under Device Management, you can view all your SAASPASS-enabled devices, and delete if needed. Also, if you download the app onto a device, and run a recovery, your SAASPASS account will automatically clear from all other devices.
When you download the app on your new phone, and run a recovery, your SAASPASS account will automatically clear from your original device. If you prefer to keep your old phone, and want your SAASPASS app to remain enabled on it, then you can clone your SAASPASS ID from the original device onto the new device. This will enable you to use SAASPASS on both devices.
Clone your SAASPASS ID onto two or more devices in a fully cross-platform manner, from an iPhone to an Android, for example. Cloning allows you to backup your SAASPASS ID without resorting to a SMS-based Recovery and security questions. If desired, you can permanently turn off Recovery and use only a Cloned SAASPASS device to restore your ID to other devices.
To clone your SAASPASS ID, go to Settings in the mobile app of your original device, select “Clone SAASPASS ID,” then enter your PIN. A cloning code will be generated as well as a barcode that can be scanned. Download the SAASPASS app onto the target device, and choose the Cloning option at the bottom right after activating it. Next, use the new device to scan the cloning code on your original device, or manually enter the code.
Cloning to a second or third device can add convenience in case your original device is lost, stolen, or disabled. In this case, there would be no need to initiate a SAASPASS Recovery; the original device can simply be removed through the Device Management menu.
Also, the cloned device can serve as a convenient and immediate backup in case the original device has no power or is temporarily disabled.
No. For someone to clone your device, they would need full possession of your original device, and they would need to know your PIN to access the SAASPASS app within that device. Even in the unlikely event that someone was able to obtain access this way, without your knowledge, and then clone your ID to their own device, that new device would appear in your Device Management console.
Yes. You can always use or clone to a device that doesn’t have an associated phone number, but if it’s your only SAASPASS-enabled device, you will not have recovery capabilities if you lose that device.
The risks of having your SAASPASS ID cloned to more than one device, are not too different to having more than one key to your house door. The chances of a key being lost potentially increase, but unlike a key which can be used by anyone if found, the SAASPASS app can’t be used unless the finder already knows the correct PIN. Additionally from the device management menu, one can always deactivate any cloned devices that go missing, thereby limiting risks significantly.
Recovery enables you to restore your SAASPASS account onto a new device. In order to be able to initiate a Recovery, you must set up Recovery options before your mobile device was disabled, lost, or stolen. Here are detailed instructions:
When you initiate a Recovery, your SAASPASS account will only be restored on the mobile device on which you are running the Recovery. Every other SAASPASS mobile app associated with your SAASPASS ID immediately clears and resets on any device on which it is installed or cloned.
When you first install SAASPASS, you should set up Recovery in the event that your mobile device is lost, disabled, or stolen. Here are detailed instructions: https://www.saaspass.com/how-to-setup-secure-recovery-two-factor-authentication-2fa.html
If someone is able to hijack your phone number (not your phone), so that calls and SMS messages to you are redirected to their device, theoretically, the SMS verification code would then be sent to them if they initiated SAASPASS Recovery from their device. With that code, they could Recover your SAASPASS account to their device. As extremely unlikely as this is, SAASPASS offers protective measures against this scenario:
If you have not received a verification code after initiating SAASPASS Recovery, most likely you either did not set up Recovery when you installed the app, or you set a verification code delay. If neither of these has occurred, please contact both your mobile service provider and also our support team.
To minimize the risk of interception when your verification code is sent by SMS during SAASPASS Recovery, SAASPASS has the following security controls:
To add additional security to the Recovery process, go to the Settings icon in the top right corner of the mobile app. Under Settings, click on Recovery, then Advanced Settings. There are several options available:
First, remove the application from your computer. To remove from Windows machines, run the Windows uninstaller. For Macs, run the “SAASPASSremove” program which you can find by using the Mac’s built in search. Next, delete the application from your SAASPASS-enabled mobile or other device(s). If you’ve set up recovery, you will still be able to restore your account. To permanently delete your SAASPASS account, you must go to Recovery in the mobile app and select “Remove” under the Active Recovery Option.
If you’ve set up recovery, then you can restore your account. Otherwise, you must set up a new account.
Check out our Admin page for clear instructions, downloads, and tutorials on how to get started.
If you’ve received an “Existing domain” error message, then you or someone from your company has already registered using an address from that domain. Please make sure that you’ve downloaded the SAASPASS app and that you’ve verified the email that you receive. It may have gone to your spam folder. If you are the admin for your domain, please email our support team, in this case, so that we guide you on how to complete registration.
When you finish using the public computer, logout and clear the browser for added protection. You’ve just accessed all your corporate apps without ever typing any passwords into the computer. Now you’ll leave without a trace.
SAASPASS can provide and support hard tokens, but we encourage companies to use soft tokens (mobile app). Using the mobile device minimizes costs and resources to your company in terms of maintenance, replacement, inventory, etc.
Also, mobile devices are potentially more secure. Based on a recent study by Nottingham Trent University, the average person checks their phone 85 times a day. This translates to once every 11 minutes if the average person is assumed to sleep 8 hours, whereas hard tokens tend only to be checked when needed. This means it could be hours or even days before a user realizes a hard token is lost, versus minutes for a soft token. This time advantage exponentially increases security as it gives admins the ability to take action and cut out sooner the potential of an attack surface window.
Additionally, more features are available on the soft token. Hard tokens are generally issued to employees by the company, and they do not authenticate to the user’s personal apps and services, so users lose some of the portability and versatility advantages of the mobile app.