Two-factor authentication is incredible. It's one of the easiest ways for an individual to secure themselves. When it comes to teams though, it just doesn't cut it - it's hard enough to distribute secret keys throughout an organization, even without considering the fact that you'll have to do it again when an employee eventually quits. Or is fired. Or loses their phone.
We built a security platform which can be layered atop any existing 2-factor enabled product to bring your organization the security it deserves, without the headache.
MultiPass is a self-hosted service targeting corporations with a lot of people, a lot of sensitive customer information, or a lot to lose if any of it ever gets stolen. MultiPass won't let that happen.
Think of the last time you used two-factor authentication. It probably involved scanning a QR code, responding to an SMS, or taking part in any number of other security rituals you don't even think about anymore. As an individual, these systems are great - but it isn't exactly easy to share access to your phone with the entire company. Our solution is to take the dozens of solutions built by companies like Google, Twitter, or Heroku, and to rally them behind an all-in-one system which gives your company all the benefits of two-factor authentication you've personally already enjoyed.
Instead of sharing secrets with your team, all you'll do is share access to MultiPass. Once an employee authenticates (with two-factor, of course), they're able to get the one-time codes for any service they're allowed access to, without ever knowing the secrets or having it on their individual phone. If an employee leaves or is fired, simply revoke their authentication with MultiPass and sleep soundly, knowing your information and your keys are safely tucked away, never again seen by prying eyes.
All four of us are involved in some part in the security industry, so we know first-hand how much time is wasted in manually rotating credentials among employees, and we've seen first-hand the exorbitant costs involved in recovering from security breaches that could have been avoided by something as simple as two-factor authentication.
It's always shocked us that no one has made any headway towards solving this problem, so we decided to do something about it: MultiPass.