FAQ
1) What is BlokSec Immutable Authentication?
BlokSec provides the most secure authentication service based on digital signatures and immutable ledger (based on blokchain technology). Breaking down barriers between cybersecurity, identity, and device management, BlokSec fundamentally changes the way users login without passwords and providing users with a frictionless multi-factor login experience. BlokSec provides the zero-trust access needed to secure hybrid work environments ensuring that trusted users and devices are accessing critical resources on-premesis or in the cloud. The innovative BlokSec service architecture replaces passwords with digital singatures and consent-based authenticaion / authorization leveraging Elliptic Curve Digital Signature Algorithm (ECDSA). Businesses leverage BlokSec to stop phishing attacks, stop being a victim ofcyberattacks, protect their most critical data, and meet compliance requirements.
2) What is BlokSe yuID?
yuID is BlokSec’s decentralized identity wallet. Once setup, you can use yuID to login to integrated websites and mobile apps without the need for a password – yuID creates a unique, unforgeable digital signature for you each time you authenticate.
Installation Instructions
Before you begin, ensure you have received an enrolment email with an invitation to link your account with yuID. You will need this email in step 2.
Step 1: download the yuID application from the App Store / Play Store (or you can search for 'yuID' in either store) on your mobile device. There is no need to open the app yet.
Step 2: open the yuID enrolment email you received on your mobile device, and click on the “complete enrolment” link in the email
Step 3: the yuID application will automatically open to handle the account enrolment. It will walk you through the initial app setup which will prompt you for your name, email address, and mobile number. BlokSec never shares this information without your permission.
Step 4: the yuID application will prompt you to secure the application with biometry (fingerprint or facial recognition depending on your device’s capabilities) or a passcode
Step 5: once the initial setup is complete, the app will proceed to complete the enrollment.
We recommend backing up your yuID seed (click the cog icon, and then select 'Backup') to ensure that your account will be recoverable in case of a lost device.
You are now ready to sign in with yuID!
3) Does BlokSec store users’ personal identifiable information (PII)?
BlokSec only stores users’ name and email address / logon id. Optionally the user can provide a mobile number to support alternate secure login option.
4) Does BlokSec store users’ biometry information?
No the BlokSec service does not store any biometry information for a given user.
5) What if a device is stolen?
Users and admin can remove stolen or lost devices from the directory so that it can no longer authenticate.
BlokSec enforces a policy where user biometry or pin are required to authenticate. This ensures that only the device owner can log in and protects against a lost or stolen device gaining access.
6) What if a device is lost or switching device?
BlokSec provides an innovative approach for users to backup and restore their linked accounts for passwordless authentication. Additional information can be found here.
7) Does BlokSec meet multi-factor authentication (MFA) guidelines?
Yes. BlokSec meets the standard MFA requirements. BlokSec employs multiple factors to login:
-
Something you have: device-level security keys to support digital signature
-
Something you are: device-level biometrics
Unlike other MFA solutions, BlokSec does not use passwords. It is far more secure because BlokSec removes the centrally stored honeypot of passwords from the authentication flow.
BlokSec service has none of the friction of other MFA’s i.e. hardwrare tokens, one time password (OTP) via SMS or email, and mobile-based MFA app that provides 6 digit codes. It simply provides a secure frictionless login that users will love.
8) [Android] When trying to register with the yuID app on Android, I'm presented with an error message about Device Security
If you receive an error message during registration that says:
"To protect your personal digital key from misuse, the BlokSec application requires that your device be protected with a fingerprint or passcode. There is currently no security setup on your device.
Please enable security on your device under Settings > Device Security > Screen lock and try again."
This means that the yuID app was not able to access your device's secure hardware keystore. There can be multiple reasons for this:
-
Your device is open / unlocked, e.g., not currently protected with with a fingerprint 👉 to resolve: add a fingerprint lock to your device
-
Your device is currently not configured to use a biometric sensor that meets the "Class 3" requirements of the Android operating system; according to Android documentation, in order for device implementations to allow access to keystore keys to third-party applications, they:
-
[C-6-1] MUST meet the requirements for Class 3 as defined in this section below.
-
[C-6-2] MUST present only Class 3 biometrics when the authentication requires BIOMETRIC_STRONG, or the authentication is invoked with a CryptoObject.
-
👉 to resolve: configure your device to be locked with a fingerprint
-