Loading...

Every time you send an OTP, you are asking your user to trust their SIM card more than they trust your application.

Announcement
6:19 pm, Wed, 13 May 26

🔐 Every time you send an OTP, you are asking your user to trust their SIM card more than they trust your application.
📱 That SIM card is not yours.
📡 The SMS network is not yours.
🏢 The telecom carrier is not yours.
And the 6-digit code that just crossed all of them? It is sitting in a notification tray, readable by anyone who picks up the phone.
⚠️ OTP does not eliminate credential theft. It simply relocates it.
The shared secret still travels. It can still be:
🔓 Intercepted via SS7 exploits
📲 Redirected through a SIM-swap attack
🎭 Read aloud during a social engineering call pretending to be your organization
Here is how passwordless login works differently 👇
🖥️ A user opens our issuer portal and sees a QR code — a signed challenge generated by the backend.
📲 They scan it using the holder app.
👀 The app clearly shows:
• who is requesting access
• what credential is being verified
• what data is being shared
✅ The user taps approve.
🔑 No password is transmitted.
🚫 No OTP is sent.
📜 The app generates a cryptographic proof tied to that specific session.
The backend verifies it against the Hyperledger Indy ledger, and the session begins.
✨ Nothing typed.
✨ Nothing shared.
✨ Nothing reusable.
Why this is more secure 🔒
A Verifiable Credential proof is not a reusable secret. Intercepting it gives attackers nothing. There is no OTP to steal, no password to phish, and no shared secret moving across networks.
Why this is more trusted 🤝
Consent is explicit, informed, and on-device — not hidden inside an SMS users are expected to trust blindly.
Why this is more cost-effective 💰
📩 SMS OTPs cost money per login, per user, per transaction.
⚡ Cryptographic verification has near-zero marginal transaction cost at scale.
For National IDs 🪪, Health IDs 🏥, Social Protection systems 🤲, and Farmer IDs 🌾, authentication must match the level of trust these systems are designed to provide.
🚀 Passwordless is not the future of login. It is the new standard.
The future of secure, passwordless identity is already here.
Visit us at ID4AFRICA Conference Stall No. L05 to see it in action 🔐🌍