Turbocharge Your SaaS Platform with Invisible Passwordless MFA
Double/Quadruple Customer Acquisitions by Eliminating Registration Abandonment and Login Abandonment
INSTANT Onboarding
Invisible Passwordles MFA
Invisible to users—no software, no setup, just seamless onboarding with instant access.
Customer Desertion Starts at Your Login Screen
Industry studies report 50-90% of online customer registrations are abandoned and never complete.
Lost credentials then drive existing customers away—silently killing engagement, loyalty, and growth.
Customers want INSTANT Access.
When Passwords and MFA Fail –
Trust Dies, Users Leave, Revenue Drops.
-
▸ Password Managers expose credentials to malwareAuto-filled credentials are rendered in cleartext inside the browser—instantly intercepted by Man-in-the-Browser (MitB) attacks. This is a fundamental design flaw in all browsers that password managers can’t fix.
-
▸ Passwords are weak, reused, and often forgottenThey are the most exploited vulnerability online and the greatest source of user friction.
-
▸ 2FA frustrates users, fails, and is frequently defeatedIt's expensive to deploy and support. Once a device is compromised, all that’s needed is a little social engineering to extract the second factor.
-
▸ One-Time Passcodes (OTPs) can be replayedAttackers can intercept or trick users into revealing their OTP, and reuse it within a narrow window of time—before the session locks.
-
▸ Account recovery is a business cost that never scalesWhen users lose access, recovery workflows burden support teams and frustrate customers.
-
▸ Cyber breaches are catastrophic for businessReputational damage, regulatory fallout, and lost trust destroy businesses.
Invisible Passwordless MFA –
Activates Users and Builds Trust.
-
▸ No software. No setup. No user trainingUsers onboard instantly—nothing to download, configure, or remember—making it up to 10× faster than traditional workflows.
-
▸ Protects users—even on compromised devicesThe system is designed to remain secure—even when the user’s device is compromised. We operate with Zero Trust of the endpoint: Malware can't intercept credentials that are never entered, stored, or exposed.
-
▸ New Decentralized Web Protocol and FIDO2 compliantTrust is enforced independently of the browser, device, or network. The architecture removes reliance on vulnerable endpoints—it's the foundation that makes invisibility and security possible.
-
▸ Deployed in minutes—not monthsThe open-source API can be integrated in ~20 lines of code with no backend changes. We already offer No-Code plug-ins for leading SaaS marketplaces. For transparency, the protocol is also published in a global patent application.
-
▸ Eliminating login abandonment creates momentumBy reactivating engagement and driving lifetime value.
-
▸ Growth accelerator to turbocharge your SaaSMore than a security feature, eliminating registration abandonment doubles, or quadruples, customer acquisitions, turbocharging growth.
Passwordless Gridlock
Analysts predicted 90% adoption as SaaS companies raced to provide frictionless access for users.
However, the steep costs of integration and change management often make Passwordless unviable.
With 50-90% of registrations abandoned, adding Passwordless only decimates conversions further—until now!
| Capability / Issue | Passwordless MasterKey | Passwordless Competitors | Passkeys / FIDO2 | OAuth / Social Media |
|---|---|---|---|---|
| No User Software or Setup | ✔️ | ❌ | ❌ | ✔️ |
| Change Mgmt Trends Toward Nil | ✔️ | ❌ | ❌ | ✔️ |
| Instant Onboarding | ✔️ | ❌ | ❌ | ✔️ |
| Eliminates Registration Abandonment | ✔️ | ❌ | ❌ | ⚠️ Partial |
| Eliminates Login Abandonment | ✔️ | ✔️ | ✔️ | ✔️ |
| Secure if Device Hacked | ✔️ | ✔️ | ✔️ | ❌ |
| Prevents MitB Attacks | ✔️ | ✔️ | ✔️ | ❌ |
| No Backend Integration | ✔️ | ❌ Med to High | ❌ High | ❌ Low |
| Open API | ✔️ | ❌ | ✔️ Open | ✔️ |
| SaaS Platform Plugins | ✔️ Some | ❌ | ❌ | ❌ |
| ROI | ✔️ Immediate | ⚠️ Varies | ⚠️ Varies | ⚠️ Varies |
Complements SSO and IAM
OAuth Isn’t the Answer
Password Managers Fall Short
Invisible by Design:
Powered by a New Decentralized Web Protocol
Security without friction — even on compromised devices — shifting trust away from the endpoint and into the decentralized protocol with no single attack surface.
- Invisible Passwordless MFA — Passwordless multi-factor authentication in one step (not 2 steps) with no user software or setup.
- Zero Trust of the Endpoint — The system is designed to remain secure even when the user’s device is compromised.
- Transparent with Open Standards — The API is open-source, and for transparency, the protocol is published in a global patent.
How it Works
MasterKey is deployed from the front face of an organization’s web server and harnesses the browsers on user mobile phones. There’s no app to download, install, or configure, so it is instantly accessible to all users.
The system is based on a new Decentralized Web Protocol that combines three cryptographic security secrets in the webserver, mobile, and MasterKey infrastructure. These three security secrets are never released, so they can never come together, thus leaving no single attack surface.
Together, these secrets double-encode the user’s phone screen, creating the illusion of a keyboard (Invisible Encrypted Keyboard). Information provided by the user, such as login credentials, is double-encoded and then further encrypted before being stored. With standard encryption and encoding, current technology would require billions of years to decrypt it and would yield contextless, meaningless encoded data that could never be used.
The system functions as a one-way trust vector. Only the original webserver can decipher the encoded credentials, and only if the process is first initiated by the user’s mobile. Two-factor authentication is achieved in a single step by passing through the unique device signature of the user’s phone. Proof-of-presence (biometric scan) using Passkeys/FIDO2 can optionally provide a third factor of authentication.
The system scales to any size and is being deployed into large SaaS platform marketplaces with hundreds of millions of users. It carries no PII (Personal Identifiable Information) and is compliant with GDPR/CCPA.
For organizations considering Passkeys/FIDO2, MasterKey enables deployment without any backend development, saving months of work.
Test Drive Your Own Website
- No Technology Risk — No single point of failure. Users can always log in with their credentials.
- No Security Risk — Credentials, now controlled by the webserver, bypass the user’s untrusted device.
- No Business Risk — Free to trial, and upgrade later for service level guarantees.
Experience it With Your Own Hands
Experience the simplicity. No software or setup.
Try MasterKey instantly on desktop and mobile.
No setup required — just scan and see it work.
Start Here — Self-Service Portal
Free Developer Access, No-Code Plugins, API Key
Includes pricing, setup docs, demo tools. No-code plug-ins are available for popular SaaS platforms.
Speak with an Advisor
Hands-on with a cybersecurity expert
Explore architecture fit, deployment options, proof-of-concept, best practices, and configuration options.
Securing SaaS Platforms You Already Use
- MasterKey is live in some of the world’s most trusted SaaS ecosystems (examples below)
- Open-source no-code modules are deploy in minutes — no cost, no risk, and no backend changes
- Prices span Free to Full Service, from 5 users to Millions (log in to the Self-Service Portal to view)
Odoo is one of the world’s fastest-growing open-source ERP platforms, serving some 300,000+ SMEs and 12 million users.
MasterKey is the only Passwordless option in the Odoo marketplace. The open-source no-code module can be deployed within 3 minutes, initially at no cost.
Administrators can gradually ratchet up security, switching from optional to mandatory, enabling/disabling 2FA at the user or the global level, and logging out inactive user sessions.
Moodle LMS powers over 150,000 schools, universities, and training providers globally, with an estimated 440 million users.
MasterKey integrates seamlessly into Moodle via a free no-code plug-in and can be deployed in minutes. It enables instant passwordless login.
Administrators can gradually ratchet up security, switching from optional to mandatory. A major issue it solves in education is the support burden of resetting user passwords each day.
WordPress
WordPress powers over 43% of all websites and supports thousands of third-party plugins.
MasterKey’s no-code plug-in deploys in minutes, with a free 5-user tier suitable for any site.
Numerous WordPress applications have users logging into sensitive data. MasterKey can be implemented within minutes with user adoption by osmosis. It’s delivers strong security with a smooth UX that increases engagement.
WOO
WooCommerce powers millions of online stores built on WordPress and is widely used by small to medium-sized businesses.
MasterKey deploys in minutes via the same no-code plug-in, adding invisible multi-factor authentication to secure customer logins without disrupting checkout.
It reduces cart abandonment, protects sensitive data, and improves UX — helping boost conversions and customer trust.
Integration Roadmap
MasterKey is expanding rapidly, with new platform integrations that can be released within weeks.
Our current roadmap includes:
SaaS Platforms:
Salesforce, Drupal, Shopify, Zoho, Atlassian, HubSpot, Slack
Identity Providers (IdPs):
Microsoft Entra (Azure AD), Google Firebase, Amazon Cognito, Okta, OneLogin
We prioritize based on customer demand, so if your platform isn’t listed, let us know. The squeaky wheel gets the oil.
Frequently Asked Questions
No. MasterKey runs entirely in the browser — there’s no app to download, install, or configure. It works instantly across desktop and mobile.
Yes. MasterKey overlays your existing login flow. It’s essentially a cosmetic change without any modification to your backend. You can deploy a test login page on a separate URL and either integrate the API by hand (about 20-lines of code) or with our help.
No-code plug-in modules exist for some environments and these are expanded each month.
The system design assumes the device is untrusted and could have a keylogger, Man-in-the-Middle (Man-in-the-Browser), or such. The phone screen becomes a graphical proxy of keyboard but credentials entered through this are never created as characters in the phone.
The decentralized protocol uses 3 security secrets in a handshack process to double-encode and then encrypt information, such as login credentials. There’s no single attack surface and with current technology it would require billions of years to decrypt, and even then would only reveal contextless meanlingless encoded data that could never be used.
If you’re concerned about network sniffing, or firewalls throttling or blocking the internet, then travelers will find their mobile’s global roaming provides clear internet. The remote virtual machine sets up an encrypted connection with your devices browser, equivalent to a VPN. You then conduct your work on the remote virtual machine. Providing you use the invisible encrypted keyboard (on desktops by scanning the QR code) then there is no single attack surface to intecept making it incredibly difficult to compromise. On mobiles the invisible encrypted keyboard is there by default. On password fields it steps up security further by slightly shuffling the keyboard characters left or right. The background changes to red to alert the user that the keyboard has changed slightly to protect them.
Yes. MasterKey is FIDO2 compliant to support Passkeys/WebAuthn (native device biometrics for Proof-of-Presence).
It is enabled with a simple software switch with MasterKey — no development required.
For organizations considering Passkeys/FIDO2, MasterKey enables deployment without any backend development, saving months of work.
Yes. MasterKey delivers and reconsitutes the users credentials (1st-factor) and the device signature of the mobile browser (2nd-factor), and optionally can required the user’s proof-of-presence (3rd-factor such as biometrics using Passkeys) into a single seamless action — without second steps or OTPs.
The system will work on virtual any web server architecture.
An SDK can be provided for mobile applications.
We provide no-code plug-ins for some SaaS platforms and these are being added to each month. Additional integrations are in progress — just ask.
Yes. Developers can access the full platform — including documentation, live demos, and API keys — for free.
The system is free for small numbers of users.
Organizations requiring guaranteed service levels are encouraged to upgrade to a premium account.
Who is BankVault cybersecurity
The BankVault cybersecurity innovation team has been pioneering intelligent new approaches to web security since 2015.
We have over 30 innovations, with 14 Patents granted worldwide, 5 products in market, and backed by high-caliber shareholders, including Turing Laureate – Whitfield Diffie (the Father of Internet Encryption). The team won Top Fintech Startup Worldwide in Silicon Valley Forum’s 2016 World Cup Tech Challenge and more recently won “Best Overall Innovation” at the 2022 Indo-Pacific Maritime Defense Expo, along with numerous other international awards.
Our enterprise solution, MasterKey, provides secure, seamless (passwordless) authentication to online service. But more than just a security feature, it eliminates registration and login abandonment, effectively doubling/quadrupling customer acquisitions to turbochage growth for SaaS and E-Commerce businesses.
The company has offices in San Francisco/Silicon Valley and Perth, Western Australia.
Winner - "Top Fintech Startup Worldwide"
2016 World Cup Tech Challenge hosted by Silicon Valley Forum and Microsoft
Winner - "Best Overall Innovation"
2022 Indo-Pacific Maritime Defence Expo at the Sydney International Convention Centre
