Frequently Asked Questions


Search The Question


  • How do you protect the information sent from the TraitWare mobile device App to the authentication server?

    We require certificate pinning between the phone app and the authentication server. [Pinning is the process of associating a host with their expected X509 certificate or public key.] 

    Once a certificate or public key is known or seen by a host, the certificate or public key is associated or ‘pinned’ to the host.

    The integrity of data sent from the phone app to the authentication server is verified with a digital signature for the data packets sent over the encrypted connection. [A digital signature is an authentication mechanism that enables the creator of the message to attach a code that acts as a signature.]

  • What are the two+ factors in Passwordless MFA?

    We deliver up to five factors of authentication, with four of them being completely transparent to the user:

    • Physical possession of the mobile device that the TraitWare authenticator app is installed on. We use patented behavioral metrics to create a rotating ‘device signature’ that locks out the user if the device is tampered with (through jail-breaking/rooting, malware, etc.)
    • FaceID or another user biometric of equivalent security. We only use device-native APIs, ensuring the biometric is an algorithmic representation and never leaves the device.
    • A non-replayable, time-based login code (delivered through a QR).
    • The physical location of the mobile device. Authentication can be restricted to a geographic boundary and will fail once the user leaves the permitted area.
    • A unique ‘Image Pin is chosen by the user as a knowledge factor. Use of a pin is reserved for cases when biometrics are unavailable or must be paired with a second factor for extra security.
  • Does the TraitWare solution require SSO?

    We use auth standards of SAML 2.0, OIDC, and OATH along with a Windows agent and a PAM module for integration to applications, Windows endpoints, and for Linux SSH/SFTP. This allows us to either sit in front of an existing IAM (SSO) solution or act as the IDP. We can also go to the service provider directly.

    SSO is not required nor is an AD/AAD server. What we do require is for an auth standard to be in place or the ability to install the Windows agent or Linux PAM.

  • Does TraitWare support event-based or time-based MFA?

    We use a different methodology that delivers up to 5 factors of authentication per login request, of which 4 are transparent to the user. One of the factors is a rotating key; another is an OTP that can only be used from the authenticator with its device-bound crypto. So we use both an OTP and a rotating key for each event.  We are also able to limit access based on geolocation at the time of the authentication event.

  • How secure is the TraitWare authentication system?

    To secure each individual’s identity TraitWare utilizes

    1) the user’s mobile device equipped with the TraitWare Mobile App, and

    2) the cloud-hosted TraitWare Authentication Server.

    Traitware’s authentication is incredibly effective against malicious attacks and identity theft by a magnitude greater than conventional username and password systems.

  • Is TraitWare supported on both iOS and Android?

    TraitWare is supported on both iOS and Android, Yes.

    You can download the TraitWare authentication app with iOS (10.0+) and Android (6.0+).

  • Does my 30-day trial period start when I initially sign up for my TraitWare account, or do I get 30 days for each customer I add?

    Your 30-day TraitWare account trial starts when you sign up for your account. Your account customers are all associated with the initial account signup, and therefore will not be given their own 30-day trials.

Account Registration

Account Recovery

Pricing and Payments