Security & Trust
Built for enterprise and government from the protocol up. The most secure credential is the one that doesn't exist.
Zero-knowledge architecture
Your word is never transmitted or stored. Only a one-way hash is ever compared. There is no secret at rest for an attacker to exfiltrate.
Nothing to steal
No password database. No shared secrets. A breach of WordKey yields no credentials, because credentials in the traditional sense do not exist.
Phishing resistant
There's no password to trick out of a user, and tokens are single-use and origin-bound. A phished word alone can't be replayed.
SIM-swap resistant
WordKey never sends SMS codes, so there's no phone number to hijack. Roaming approvals are bound to your device, not your carrier.
Device-bound keys
Your device is a factor. On a native app, the private key lives in the hardware secure enclave and never leaves it.
FIDO2 / WebAuthn compatible
WordKey composes with the standards enterprises already trust, and can layer WebAuthn for regulated deployments.
Compliance roadmap
Certifications underway as WordKey scales into regulated markets.