MasterKey v3.1

Invisible Passwordless MFA

Unlock seamless, password-free access to your SaaS platform—no software, no setup, and multi-factor authentication in a single invisible step.

The Internet is Now Password-Free

Invisible to users with no software or setup, MasterKey secures logins from compromised devices and networks, delivers MFA in one step—not two, and unlocks seamless access that boosts engagement. 
It can also double or even quadruple customer acquisition by eliminating registration abandonment.

INSTANT Onboarding

Invisible Passwordles MFA

Invisible to users—no software, no setup, just seamless onboarding with instant access.

Customer Desertion Starts at Your Login Screen

Industry studies report 50-90% of new online customer registrations are abandoned.
Lost credentials then drive existing customers away—silently killing engagement, loyalty, and growth.
Customers want INSTANT Access.

When Passwords and MFA Fail –
Trust Dies, Users Leave, Revenue Drops.

  • 99% of cyber attacks target end-user devices
    PCs and smartphones. The goal is identity theft: to capture login credentials and take over accounts, steal money, redirect transactions, or hold people to ransom.
  • Password Managers expose credentials to malware
    Auto-filled credentials are rendered in cleartext inside the browser—instantly intercepted by Man-in-the-Browser (MitB) attacks. This is a fundamental design flaw in all browsers that password managers can’t fix.
  • Passwords are weak, reused, and often forgotten
    They are the most exploited vulnerability online and the greatest source of user friction.
  • 2FA frustrates users, fails, and is frequently defeated
    It's expensive to deploy and support. Once a device is compromised, all that’s needed is a little social engineering to extract the second factor.
  • One-Time Passcodes (OTPs) can be replayed
    Attackers can intercept or trick users into revealing their OTP, and reuse it within a narrow window of time—before the session locks.
  • Account recovery is a business cost that never scales
    When users lose access, recovery workflows burden support teams and frustrate customers.
  • Cyber breaches are catastrophic for business
    Reputational damage, regulatory fallout, and lost trust destroy businesses.

Invisible Passwordless MFA –
Activates Users and Builds Trust.

  • Invisible MFA—users don’t even know it’s there
    No passwords. No second step. MasterKey delivers multi-factor authentication in on invisible action—across desktop and mobile—without requiring users to do anything.
  • No software. No setup. No user training
    Users onboard instantly—nothing to download, configure, or remember—making it up to 10× faster than traditional workflows.
  • Protects users—even on compromised devices
    The system is designed to remain secure—even when the user’s device is compromised. We operate with Zero Trust of the endpoint: Malware can't intercept credentials that are never entered, stored, or exposed.
  • New Decentralized Web Protocol and FIDO2 compliant
    Trust is enforced independently of the browser, device, or network. The architecture removes reliance on vulnerable endpoints—it's the foundation that makes invisibility and security possible.
  • Deployed in minutes—not months
    The open-source API can be integrated in ~20 lines of code with no backend changes. We already offer No-Code plug-ins for leading SaaS marketplaces. For transparency, the protocol is disclosed in a global patent application, reinforcing transparency and innovation.
  • Eliminating login abandonment creates momentum
    By reactivating engagement and driving lifetime value.
  • Growth accelerator to turbocharge your SaaS
    More than a security feature, eliminating registration abandonment doubles, or quadruples, customer acquisitions, turbocharging growth.

.

 

Passwordless Gridlock

Analysts predicted 90% adoption as SaaS companies raced to provide frictionless access for users.
However, the steep costs of integration and change management often make Passwordless unviable.
With 50-90% of registrations abandoned, adding Passwordless only decimates conversions further—until now!
Capability / Issue Passwordless MasterKey Passwordless Competitors Passkeys / FIDO2 OAuth / Social Media
No User Software or Setup ✔️ ✔️
Change Mgmt Trends Toward Nil ✔️ ✔️
Instant Onboarding ✔️ ✔️
Eliminates Registration Abandonment ✔️ ⚠️ Partial
Eliminates Login Abandonment ✔️ ✔️ ✔️ ✔️
Secure if Device Hacked ✔️ ✔️ ✔️
Prevents MitB Attacks ✔️ ✔️ ✔️
No Backend Integration ✔️ ❌ Moderate to High ❌ High ❌ Low
Open API ✔️ ✔️ Open ✔️
SaaS Platform Plugins ✔️ Some
ROI ✔️ Immediate ⚠️ Varies ⚠️ Varies ⚠️ Varies

Complements SSO and IAM

MasterKey complements existing Single Sign-On (SSO) and Identity & Access Management (IAM) solutions, enhancing them without replacement or disruption.
Read more ⟶
SSO and IAM systems centralize identity management but typically leave user authentication reliant on traditional methods—such as passwords, security certificates, or passkeys—that often introduce complexity, friction, or significant integration hurdles. MasterKey fills this critical gap by providing truly invisible, frictionless, passwordless MFA that integrates seamlessly into your existing identity stack without backend changes or substantial user onboarding. This fusion empowers your enterprise with secure, effortless user access, improved compliance, lower support overhead, and dramatically enhanced user experience—without the complexity typically associated with passwordless upgrades.

OAuth Isn’t the Answer

Social Media authentication (OAuth) offers convenience but at a significant cost—privacy, security, and trust.
Read more ⟶
Many users resist linking their critical accounts to platforms like Facebook or Google, creating hesitation and abandonment at the point of login. Additionally, OAuth shifts trust away from your business to third parties that have no accountability to you. There’s a reason banks and high-security services never rely on OAuth: it fundamentally weakens user trust, undermines brand confidence, and introduces unpredictable support issues. MasterKey provides independence and complete user trust—without third-party reliance or complexity.

Password Managers Fall Short

Password Managers can’t fix fundamental browser vulnerabilities.
Read more ⟶
Password fields on a web form auto-filled by password managers appear as asterisks but are actually clear unencrypted text to any software in the browser—instantly exposing them to a Man-in-the-Browser (MitB) attacks. MasterKey ensures credentials are never exposed, eliminating this risk entirely.

Invisible by Design:
Powered by a New Decentralized Web Protocol

Security without friction — even on compromised devices — shifting trust away from the endpoint and into the decentralized protocol with no single attack surface.
  • Invisible Passwordless MFA — Passwordless multi-factor authentication in one step (not 2 steps) with no user software or setup.
  • Zero Trust of the Endpoint — The system is designed to remain secure even when the user’s device is compromised.
  • Transparent with Open Standards — The API is open-source, and for transparency, the protocol is published in a global patent.

How it Works

MasterKey is deployed from the front face of an organization’s web server and harnesses the browsers on user mobile phones. There’s no app to download, install, or configure, so it is instantly accessible to all users.

The system is based on a new Decentralized Web Protocol that combines three cryptographic security secrets in the webserver, mobile, and MasterKey infrastructure. These three security secrets are never released, so they can never come together, thus leaving no single attack surface.

Together, these secrets double-encode the user’s phone screen, creating the illusion of a keyboard (Invisible Encrypted Keyboard). Information provided by the user, such as login credentials, is double-encoded and then further encrypted before being stored. With standard encryption and encoding, current technology would require billions of years to decrypt it and would yield contextless, meaningless encoded data that could never be used. 

The system functions as a one-way trust vector. Only the original webserver can decipher the encoded credentials, and only if the process is first initiated by the user’s mobile. Two-factor authentication is achieved in a single step by passing through the unique device signature of the user’s phone. Proof-of-presence (biometric scan) using Passkeys/FIDO2 can optionally provide a third factor of authentication.

The system scales to any size and is being deployed into large SaaS platform marketplaces with hundreds of millions of users. It carries no PII (Personal Identifiable Information) and is compliant with GDPR/CCPA. 

For organizations considering Passkeys/FIDO2, MasterKey enables deployment without any backend development, saving months of work.

Test Drive Your Own Website

  • No Technology Risk — No single point of failure. Users can always log in with their credentials.
  • No Security Risk — Credentials, now controlled by the webserver, bypass the user’s untrusted device.
  • No Business Risk — Free to trial, and upgrade later for service level guarantees.

Experience it With Your Own Hands

Experience a Live Demo

Experience the simplicity. No software or setup.

Try MasterKey instantly on desktop and mobile.
No setup required — just scan and see it work.

Start Here — Self-Service Portal

Unlock Access (Free)

Free Developer Access, No-Code Plugins,  API Key

Includes pricing, setup docs, demo tools. No-code plug-ins are available for popular SaaS platforms.

Speak with an Advisor

Schedule a Call (Zoom)

Hands-on with a cybersecurity expert

Explore architecture fit, deployment options, proof-of-concept, best practices, and configuration options.

Securing SaaS Platforms You Already Use

  • MasterKey is live in some of the world’s most trusted SaaS ecosystems (examples below)
  • Open-source no-code modules are deploy in minutes — no cost, no risk, and no backend changes
  • Prices span Free to Full Service, from 5 users to Millions (log in to the Self-Service Portal to view)

Odoo is one of the world’s fastest-growing open-source ERP platforms, serving some 300,000+ SMEs and 12 million users.

MasterKey is the only Passwordless option in the Odoo marketplace. The open-source no-code module can be deployed within 3 minutes, initially at no cost.

Administrators can gradually ratchet up security, switching from optional to mandatory, enabling/disabling 2FA at the user or the global level, and logging out inactive user sessions. 

Moodle LMS powers over 150,000 schools, universities, and training providers globally, with an estimated 440 million users.

MasterKey integrates seamlessly into Moodle via a free no-code plug-in and can be deployed in minutes. It enables instant passwordless login. 

Administrators can gradually ratchet up security, switching from optional to mandatory. A major issue it solves in education is the support burden of resetting user passwords each day.

WordPress

WordPress powers over 43% of all websites and supports thousands of third-party plugins.

MasterKey’s no-code plug-in deploys in minutes, with a free 5-user tier suitable for any site.

Numerous WordPress applications have users logging into sensitive data. MasterKey can be implemented within minutes with user adoption by osmosis. It’s delivers strong security with a smooth UX that increases engagement.

WOO

WooCommerce powers millions of online stores built on WordPress and is widely used by small to medium-sized businesses.

MasterKey deploys in minutes via the same no-code plug-in, adding invisible multi-factor authentication to secure customer logins without disrupting checkout.

It reduces cart abandonment, protects sensitive data, and improves UX — helping boost conversions and customer trust.

Integration Roadmap

MasterKey is expanding rapidly, with new platform integrations that can be released within weeks.

Our current roadmap includes:

SaaS Platforms:
    Salesforce, Drupal, Shopify, Zoho, Atlassian, HubSpot, Slack

Identity Providers (IdPs):
    Microsoft Entra (Azure AD), Google Firebase, Amazon Cognito, Okta, OneLogin

We prioritize based on customer demand, so if your platform isn’t listed, let us know. The squeaky wheel gets the oil.

Frequently Asked Questions

Do users need to install anything?

No. MasterKey runs entirely in the browser — there’s no app to download, install, or configure. It works instantly across desktop and mobile.

Can we try it without making backend changes?

Yes. MasterKey overlays your existing login flow. It’s essentially a cosmetic change without any modification to your backend. You can deploy a test login page on a separate URL and either integrate the API by hand (about 20-lines of code) or with our help.

No-code plug-in modules exist for some environments and these are expanded each month.

Why is it secure on compromised devices?

The system design assumes the device is untrusted and could have a keylogger, Man-in-the-Middle (Man-in-the-Browser), or such. The phone screen becomes a graphical proxy of keyboard but credentials entered through this are never created as characters in the phone.

The decentralized protocol uses 3 security secrets in a handshack process to double-encode and then encrypt information, such as login credentials. There’s no single attack surface and with current technology it would require billions of years to decrypt, and even then would only reveal contextless meanlingless encoded data that could never be used.

Can I use it in a high-surveillance regions?

If you’re concerned about network sniffing, or firewalls throttling or blocking the internet, then travelers will find their mobile’s global roaming provides clear internet. The remote virtual machine sets up an encrypted connection with your devices browser, equivalent to a VPN. You then conduct your work on the remote virtual machine. Providing you use the invisible encrypted keyboard (on desktops by scanning the QR code) then there is no single attack surface to intecept making it incredibly difficult to compromise. On mobiles the invisible encrypted keyboard is there by default. On password fields it steps up security further by  slightly shuffling the keyboard characters left or right. The background changes to red to alert the user that the keyboard has changed slightly to protect them. 

Do you support Passkeys (FIDO2/WebAuthn)?

Yes. MasterKey is FIDO2 compliant to support Passkeys/WebAuthn (native device biometrics for  Proof-of-Presence).

It is enabled with a simple software switch with MasterKey — no development required.

For organizations considering Passkeys/FIDO2, MasterKey enables deployment without any backend development, saving months of work.

How does it do Multi-Factor Authentication in 1-step?

Yes. MasterKey delivers and reconsitutes the users credentials (1st-factor) and the device signature of the mobile browser (2nd-factor), and optionally can required the user’s proof-of-presence (3rd-factor such as biometrics using Passkeys) into a single seamless action — without second steps or OTPs.

What platforms do you support?

The system will work on virtual any web server architecture. 

An SDK can be provided for mobile applications.

We provide no-code plug-ins for some SaaS platforms and these are being added to each month. Additional integrations are in progress — just ask.

Is there a free version?

Yes. Developers can access the full platform — including documentation, live demos, and API keys — for free.

The system is free for small numbers of users.

Organizations requiring guaranteed service levels are encouraged to upgrade to a premium account.

Who is BankVault cybersecurity

The BankVault cybersecurity innovation team has been pioneering intelligent new approaches to web security since 2015.

We have over 30 innovations, with 14 Patents granted worldwide, 5 products in market, and backed by high-caliber shareholders, including Turing Laureate – Whitfield Diffie (the Father of Internet Encryption). The team won Top Fintech Startup Worldwide in Silicon Valley Forum’s 2016 World Cup Tech Challenge and more recently won “Best Overall Innovation” at the 2022 Indo-Pacific Maritime Defense Expo, along with numerous other international awards.

Our enterprise solution, MasterKey, provides secure, seamless (passwordless) authentication to online service. But more than just a security feature, it eliminates registration and login abandonment, effectively doubling/quadrupling customer acquisitions to turbochage growth for SaaS and E-Commerce businesses. 

The company has offices in San Francisco/Silicon Valley and Perth, Western Australia.

Icon 04 BankVault MasterKey Homepage Imagery Strong WebSecurity

Winner - "Top Fintech Startup Worldwide"
2016 World Cup Tech Challenge hosted by Silicon Valley Forum and Microsoft

Silicon logo
Icon 05 BankVault MasterKey Homepage Imagery Point Solution

Winner - "Best Overall Innovation"
2022 Indo-Pacific Maritime Defence Expo at the Sydney International Convention Centre

Graphic 03 BankVault MasterKey Homepage Imagery Mobile Orange Login

Test-Drive

Unlock Access
Graphic 03 BankVault MasterKey Homepage Imagery Mobile Orange Login

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.