Frequently Asked Questions

FAQs

Search The Question

General

  • How do I contact support?

    Please contact us at support@traitware.com.

  • What is island hopping?

    Bad actors target large organizations indirectly, gaining access first to smaller, more vulnerable partner company networks to eventually infiltrate the larger company.

    Find out more about Island hopping here:

  • How can I login to Windows (offline and online)?
  • How do you protect the information sent from the TraitWare mobile device App to the authentication server?

    We require certificate pinning between the phone app and the authentication server. [Pinning is the process of associating a host with their expected X509 certificate or public key.] 

    Once a certificate or public key is known or seen by a host, the certificate or public key is associated or ‘pinned’ to the host.

    The integrity of data sent from the phone app to the authentication server is verified with a digital signature for the data packets sent over the encrypted connection. [A digital signature is an authentication mechanism that enables the creator of the message to attach a code that acts as a signature.]

  • What are the two+ factors in Passwordless MFA?

    We deliver up to five factors of authentication, with four of them being completely transparent to the user:

    • Physical possession of the mobile device that the TraitWare authenticator app is installed on. We use patented behavioral metrics to create a rotating ‘device signature’ that locks out the user if the device is tampered with (through jail-breaking/rooting, malware, etc.)
    • FaceID or another user biometric of equivalent security. We only use device-native APIs, ensuring the biometric is an algorithmic representation and never leaves the device.
    • A non-replayable, time-based login code (delivered through a QR).
    • The physical location of the mobile device. Authentication can be restricted to a geographic boundary and will fail once the user leaves the permitted area.
    • A unique ‘Image Pin is chosen by the user as a knowledge factor. Use of a pin is reserved for cases when biometrics are unavailable or must be paired with a second factor for extra security.
  • Does the TraitWare solution require SSO?

    We use auth standards of SAML 2.0, OIDC, and OATH along with a Windows agent and a PAM module for integration to applications, Windows endpoints, and for Linux SSH/SFTP. This allows us to either sit in front of an existing IAM (SSO) solution or act as the IDP. We can also go to the service provider directly.

    SSO is not required nor is an AD/AAD server. What we do require is for an auth standard to be in place or the ability to install the Windows agent or Linux PAM.

  • Does TraitWare support event-based or time-based MFA?

    We use a different methodology that delivers up to 5 factors of authentication per login request, of which 4 are transparent to the user. One of the factors is a rotating key; another is an OTP that can only be used from the authenticator with its device-bound crypto. So we use both an OTP and a rotating key for each event.  We are also able to limit access based on geolocation at the time of the authentication event.

  • How secure is the TraitWare authentication system?

    To secure each individual’s identity TraitWare utilizes

    1) the user’s mobile device equipped with the TraitWare Mobile App, and

    2) the cloud-hosted TraitWare Authentication Server.

    Traitware’s authentication is incredibly effective against malicious attacks and identity theft by a magnitude greater than conventional username and password systems.

  • Is TraitWare supported on both iOS and Android?

    TraitWare is supported on both iOS and Android, Yes.

    You can download the TraitWare authentication app with iOS (10.0+) and Android (6.0+).

  • Does my 30-day trial period start when I initially sign up for my TraitWare account, or do I get 30 days for each customer I add?

    Your 30-day TraitWare account trial starts when you sign up for your account. Your account customers are all associated with the initial account signup, and therefore will not be given their own 30-day trials.

Users

Admin persona

  • How does Enterprise recovery work?

    The TaitWare Console allows Account and Customer Owners (see Owners documentation) to provision Recovery Users and Paper Keys.

    Owners may provision recovery users and paper keys for any Accounts or Customers that they own. Anybody who knows this paper key, has access to the recovery email, and is able to provide identity proofing to TraitWare support can utilize this process to provision a new Owner without access to an Owner’s device and device credentials. With this in mind, protect these secrets the same way you would protect a phone that automatically unlocks.

    TraitWare strongly suggests provisioning multiple owners for any Account or Customer. This recovery process is intended to only be used as a final protection against Account or Customer access loss, in cases where all owners simultaneously lose access to their devices.

    Find out how Enterprise recovery works here:

  • How to create an alias user (admin persona)?
    • Navigate to the Applications tab in the TraitWare console. Click on the blue button to add application
    • Select Windows 10/11 MFA, a new page will appear
    • Fill out the section under Application Name, select Save Changes on the bottom right
    • Copy the Client ID and Client Secret
    • Enable the Windows 10 application for newly-created alias user
    • Ensure that everyone using the alias user is enabled for the same application
    • Navigate to the tab in the TraitWare console called Alias Users. Click on the blue button to add an alias user
    • Name the mapping and select the alias user. When finished click submit
    • Click on the newly created Mapping Name
    • To add users for the alias, select Manage Users
    • Name the mapping and select the alias user. When finished click submit
    • Click on the newly created Mapping Name
    • To add users for the alias, select Manage Users
    • Select desired users. When finished click Close, the newly added accounts should now be seen on the alias user screen
    • Select the Approved Applications tab. To add applications, select Manage Applications
    • Select desired applications and when finished click Close
    • The application is now shared via the alias user to other users
    • Select desired users. When finished click Close, the newly added accounts should now be seen on the alias user screen
    • Select the Approved Applications tab. To add applications, select Manage Applications
    • Select desired applications and when finished click Close
    • The application is now shared via the alias user to other users

    Find out more here:

  • How to enable an alias user (admin perspective)?
    • In the TraitWare console, navigate to Customer Settings in the bottom left of the page
    • Select Enable Alias User
    • Add a name for the alias user, there is the option to add a logo if desired. Once completed click Save Changes in the bottom right corner

    Find out more here:

     

  • Requiring 3-factor authentication
    • By default, only one type of authentication is required (biometric or PhotoAuth)
    • If you desire a higher level of security, 3-Factor Authentication (biometric and PhotoAuth) may be turned on for users
    • Note that this is recommended for admin users with higher accesses
    • 3-Factor can be applied to new or existing users
    • **Randomize Photo Authentication is recommended for highest security measures
  • How to troubleshoot if a user can’t sign in?
    • If there is a message that the QR is not valid, please restart the TraitWare application. A session will timeout after 5 minutes of inactivity. If screen timeout is longer than 5 minutes, session will timeout without user knowledge
    • QR code not showing on browser – please see list of supported browsers:
      • Chrome (recommended)
      • Firefox (recommended)
      • Safari
      • Microsoft Edge
    • Failed Sign-In, please check the following:
      • Make sure that connection is stable
      • Check that account is enabled
      • Ensure no change to biometrics or master PIN
      • If users opt for PhotoAuth, make sure that the sequence is entered correctly
      • If issues continue, please contact the account admin
    • If users receive an “Unexpected Error” when using TraitWare, please make sure that the connection is stable. If this error continues, exit out of the TraitWare app and try again
    • Biometric or PIN change. Biometric or master PIN change will lock the TraitWare accounts on the device. These accounts will need to be unlocked by an administrator        

    Find more information here:

  • How to reset to many failed attempts?

    A user may get a failed authentication attempt by entering the wrong PhotoAuth sequence, if their device traits have changed too much, or in some cases (particularly with Samsung) on device update.

    • Resetting Failed Login attempts will solve issues for a user who has forgotten a PhotoAuth sequence
    • Resetting Session Traits will solve issues for a user who has traits which have changed too much (this may sometimes solve issues after a device update)
  • How to create an application?

    First create a signing key for your application (SAML apps).

    1. Click Signing Keys under the Applications menu.
    2. Select Generate new Key Pair.
    3. Enter a Display Name.
    4. Select the lifetime of time you prefer for your key. NOTE: Owners will be notified by email of pending key expirations. The other options are fixed.
    5. Select Generate Key.
  • How to add a new device?
    • If a user loses or upgrades their device, the old device will need to be Deleted before you can Add a New Device
    • Note that if they are using a temporary phone, this step will still need to be completed. Only one device can be assigned to a user for security purposes
    • Once a new device is added, you will be able to Register the user

Account Registration

Account Recovery

Marketing and Sales

Pricing and Payments

  • What kind of Passwordless MFA Technology Partnerships does TraitWare offer?

    It is our goal to help fuel the success of all our partners – to empower them, in the face of growing global security risk, to better serve the needs of their customers – with TraitWare’s Real Passwordless MFA™ for True Zero Trust Access.

    A list of partnership types can be found at this link:

  • How do I modify or change my billing or contact information?

    Please email us at partners@traitware.com.

  • Are you SOC 2 certified?

    Yes. A SOC 2 certification report can be sent when a partner is under NDA with TraitWare.

  • Do you have industry use cases?

    Yes, we do have case studies and customer testimonials.

    More about that can be found here:

  • What are the retail prices?

    Retail pricing for TraitWare is $5 per use, per month. Partners can get a discount on the retail price, dependent on which partner contract you have in place with TraitWare:

    • Referral: In this model, for any referral to TraitWare that results in a sale, the partner will receive a one time referral fee of 10% of first year contract value
    • Co-Sell: In this model the partner is responsible for bringing the opportunity to TraitWare and handle the account management responsibilities of the client (from initial sale to a closed contract. TraitWare will handle both the technical part of the sales process as well as post sale customer technical support. The partner receives a 20% commission for the life of the contract with the client.
    • Resell/MSP: In this final model, the partner is responsible for all aspects of the sales process. This includes Sales, Technical Sales and Level 1 support post sales. The partner receives a 40% commission for the life of the contract with the client.
  • Can I get a volume discount?

    Yes. There are options where a volume discount could apply.

    For example, volume tiers will be established and the amount of margin the partner receives will increase based on achieving the next plateau. The number of users and amount of the additional discounts are negotiated on a per partner basis, based on the markets served (Geographically and from an Industry perspective).

    For more information contact us on support@traitware.com.

  • How does your pricing model work?

    Every user begins with a 30-day free trial account of our software. During this period, they are given unlimited access and usage of the service and the ability to cancel the service. After the 30-day trial, the user will choose a pricing plan detailed on this page.

  • What if I need to be issued a refund?

    If you have already purchased a yearly subscription, and you are not satisfied with the product, we can issue you a pro-rated refund based on the amount of time after your trial period expired. Contact support@traitware.com to get your refund process started.

  • How long does it take before I receive my refund in my account?

    Refunds typically take 5-10 business days to be processed and refunded to your account.