Protect against SIM abuse, Phishing and Password Attacks

Our software is designed to protect your web sites from both credential phishing attacks, session hijacking, SIM hacks, as well as weak or written down passwords. It authenticates users using biometrics on the user's mobile devices. Our protection against SIM hacking is because we do not use SMS. Our software is easy to integrate and use.

A very positive side effect of integrating our software into your platform is that the user sign-in experience comes down at most two taps, and as little as one, on their mobile device instead of a password, SMS or email code they have to wait for and enter. More secure and a better user experience? Win-Win! Try our demo for yourself to see how easy the process is.

You can also send just regular notifications with our system with your apps or web site. No need to develop that code for yourself.

Please note that this site is still under construction. The primary tasks remaining are payment integration, some support options, and the results of beta testing (good so far). Last updated: 4/16/2024.
Get Started Free View Docs Run Demo

Made For the CISO and Web Developers

Make your sites more secure
Quick and Simple
You can quickly and easily integrate 2fa.solutions interface into your existing or new web sites.
Learn more →
Fast API Interface
A simple to use, language-agnostic RESTful API powers your software. We provide examples in PHP and GO.
Learn more →
Value Priced
Our pricing provides a great value for the peace of mind it provides. A sliding scale based on usage from $2.99 a month.
Learn more →
Fully Documented
A complete set of documentation is provided which describes both work flows and API calls in detail (with examples).
View docs →

Full End-to-End Excryption

Biometric based — No SMS to be Hacked

Robust and Redundant Infrastructure

No codes to copy and paste — two taps and you're done.

You Don't Want to be One of These Guys

Hacks our solution would have prevented
SIM Hack
01-26-24 — Source: Fast Company
SIM swapping: the simple way that hackers took over the SEC’s X Account

Just after the stock market closed on January 9, the U.S. Securities and Exchange Commission posted on X (née Twitter) that it had approved exchange-traded funds, or ETFs, that included the cryptocurrency bitcoin. It was a massively important, potentially market-moving announcement, and one that was hotly anticipated by crypto fanatics, professional traders, and casual investors alike.

There was only one problem: The SEC never posted that announcement—someone else did.

Read the article →

If X used our authenticator then the SIM doesn't matter. Biometrics matter. SIMs don't.

Phishing
01-22-2024 — Source: The Record
Financial Platform Payoneer Blames Account Hacks On Phishing Campaign

Just after the stock market closed on January 9, the U.S. Securities and Exchange Commission posted on X (née Twitter) that it had approved exchange-traded funds, or ETFs, that included the cryptocurrency bitcoin. It was a massively important, potentially market-moving announcement, and one that was hotly anticipated by crypto fanatics, professional traders, and casual investors alike.

There was only one problem: The SEC never posted that announcement—someone else did.

Read the article →

If they used our authenticator then phishing wouldn't matter. "Here's my password. Now what are you going to do?" Passwords would have been meaningless if our software was used.

Weak Passwords
01-05-2024 — Source: ars TECHNICA
Weak Password Causes Disaster For Spain’s No. 2 Mobile Carrier

Orange España, Spain’s second-biggest mobile operator, suffered a major outage for three hours on Jan. 3 after an unknown party obtained a “ridiculously weak” password and used it to access an account for managing the global routing table that controls which networks deliver the company's Internet traffic, researchers said. The hijacking began when the party logged into Orange’s RIPE NCC account using the password 'ripeadmin'. The RIPE Network Coordination Center is one of five Regional Internet Registries, which are responsible for managing and allocating IP addresses to Internet service providers, telecommunication organizations, and companies that manage their own network infrastructure. RIPE serves 75 countries in Europe, the Middle East, and Central Asia.

Read the article →

If RIPE used our authenticator they would have been protecting their customers against using weak passwords.

How It Works

It's just a few simple steps away
1Download

Your user downloads our User Authenticator App from either the iOS store for iOS-based devices or from the Google Play Store for Android based mobile devices.

2Register Your Device

The user registers their device using your site which will either display a QR code or email them the QR code. The choice is yours.

3Use it!

Your users will then be challenged with a biometric gatekeeper from our App upon log-in to your system.

Get Started in No Time

2FA.Solutions makes it super easy to integrate our authentication software into your existing or new web sites.
Get Started