Word?

Security & Trust

Built for enterprise and government from the protocol up. The most secure credential is the one that doesn't exist.

Zero-knowledge architecture

Your word is never transmitted or stored. Only a one-way hash is ever compared. There is no secret at rest for an attacker to exfiltrate.

Nothing to steal

No password database. No shared secrets. A breach of WordKey yields no credentials, because credentials in the traditional sense do not exist.

Phishing resistant

There's no password to trick out of a user, and tokens are single-use and origin-bound. A phished word alone can't be replayed.

SIM-swap resistant

WordKey never sends SMS codes, so there's no phone number to hijack. Roaming approvals are bound to your device, not your carrier.

Device-bound keys

Your device is a factor. On a native app, the private key lives in the hardware secure enclave and never leaves it.

FIDO2 / WebAuthn compatible

WordKey composes with the standards enterprises already trust, and can layer WebAuthn for regulated deployments.

Compliance roadmap

Certifications underway as WordKey scales into regulated markets.

SOC 2 Type IIFedRAMPHIPAAPCI-DSS