Strong multifactor authentication. No usernames or passwords
Passhub implements WWPass™ authentication technology. The cryptographic authenticator, which is called a Passkey, comes in multiple forms including smartcards, USB tokens or mobile apps and is ‘something you have’ which is used as the first factor when logging in. For a second factor, a PIN is sometimes used. This PIN is optional and whether or not it is required is up to the company running the site you are logging into. This PIN is ‘something you know.’ The Passkey authenticator is ‘one key for many doors’ (one-to-many), which does not require a password or even username.
Client-side and end-to-end encryption
Along with WWPass™ strong authentication, PassHub.net also features client-side encryption. Client-side encryption means that all sensitive data is ciphered with a Passkey in the user browser. No meaningful information is accessible on the server side. We use asymmetric cryptography to send crypto keys to your peers, thus providing end-to-end encryption. When a user signs in, the browser gets an encryption key, specific for each user-web site pair.
Unlike other password managers, Passhub does not use key derivation based on passwords (PBKDF). In a passkey, authentication credentials are totally independent of data encryption mechanism, thus providing 256-bit entropy for symmetric keys. High entropy means it is practically impossible to guess or brute-force the secret keys.
Standard and open source cryptography
Standard encryption algorithms
PassHub only uses NIST approved algorithms, which include: AES-GCM 256 bits and RSA-OAEP.
Web service or on-prem deployment
Passhub.net is a free web service available to every individual. The service does not collect any private information. Each user only needs an anonymous Passkey to create a Passhub account.
For companies where security policy prohibits external services, a custom dedicated version of PassHub is available for installation on company premises or in the company’s cloud. With the custom dedicated version of PassHub, user access and activity are controlled by a company site administrator. As a protection against Insider breaches and abuse of admin privileges, the site admin cannot read user sensitive data.
PassHub features a distributed server architecture with database replication and multi-head Web servers to provide reliable 24 x 7 availability.
For more technical details, please download PassHub Security Explained white paper.