Authenticate to Connect
A Simple Way To Keep Cyber Criminals At Bay
  • one unified method to authenticate both humans and machines
  • only expose applications to legitimate service subscribers
  • eliminate credential theft and MFA attacks
  • more effective teams - fewer resources - lower business cost
Leave The Cyberwar Behind
  constant chase of new vectors of attack   escallating cyberbudgets   secops burn-out   rising costs   repeat ...


Identity Plus changes the paradigms of access from connect-then-authenticate to authenticate-to-connect. This is not just a game of words. It determines who has the leverage in cybersecurity.

Connect Then Authenticate

More than 90% of attacks are independent of authentication - they can be performed without owning or having access to an account, simply by having access to the application and its vulnerabilities. Even with perfect protection against credential theft, less than 10% of attacks can be put under control.

Authenticate To Connect

When authentication is prerequisite to establishing communication, all vulnerabilities are dependent on having access to an account. All actions can be attributed to an owner, visibility is 100%. Everything you see is actionable, not only during but post action also. Unknown devices can never connect.

Shut Out Cybercriminals And Only Allow Legitimate Service Subscribers

Block Bad Bots

You don't need to know which devices are malicious. You know the devices of your customers, everything else can be blocked.

Eliminate The Attack Surface

Every action is 100% attributed. Even if you have vulnerabilities, you'll know which customer is trying to exploit them.

Prevent Layer 7 DDoS Attacks

Unless your customers are ganging up against your service, distributed does not makes sense. Nobody else can connect.

Zero-Day? Not For You!

These are the vulnerabilities you don't know you have. Well, when the crucial day comes, you will have plenty days to fix it.


Looking for a better multi-factor authentication? Don't. The shortcomings of authentication are not in the number of factors, but in authentication itself - the process. Like all quick-fixes to otherwise architecturally flawed processes, MFA works while it's new, but by the time you roll it out, the criminal world has already caught up with the change...

MFA Bombing

Attackers hammer the user with MFA validation requests until they accidentally approve or they disable MFA thinking that is's broken

Identity Plus doesn't need a user name or any reference peg to identify the visitor and authentication cannot be triggered on a different device than the one establishing the connection.

EvilProxy Phishing

Attackers lure in users and channel their communication with services using tools like Evilginx or Criminal SaaS like EvilProxy Phishing

Access based on device identity is not vulnerable to MITM attacks as the service identifies the connecting device, which in this case is the man-in-the-middle agent, immediately revealing the fraud.

Authentication Hijacking

Attackers Exploit vulnerabilities in online applicaitons, browsers or extensions to copy the session cookie once the user has logged in using MFA

Identity Plus is the only sign-on/sso/online access solution that is not vulnerable to having the session cookie stolen because it is the only technology that does not rely on cookies to maintain user login status.

Simplify your security stack with one, unified Architecture

Complexity - More is Less


Convergence - Less is More

Each user journey requires bespoke solutions, each with specific security tools - web login, 2FA, JWT, PKI management, VPN, IP white list, WAF, bot control, et cetera. All these must work in parallel and interact, often negatively, increasing complexity, cost, while lowering efficiency.

All user journeys converge to a single, unified, protocol. You get rid of a series of niche solutions, and those few that remain will work as a single pipeline. Lean solution, lean team, total control, and the more use cases you on-board, the more efficient and cost effective your solution becomes.

The model where devices first connect and later somebody authenticates defaults you to a reactive model: you don't know which of those devices are going to attack and you are unable to take action against them if they do (attackers remain hidden even if the attack is blocked). You need lots of defenses to cover all possible combinations, because your security is a function of defense.

The model where devices cannot connect without an identity ensures that unknown devices cannot touch you, so you need not worry about them even if you have vulnerabilities in your application. Those that can connect, you know the accounts they belong to, so if you detect an attack you can hold them responsible: they are accountable for their actions. You hold all the aces.

drag to see the difference


This is where even the most modern 2FA reaches its limits, and your complexity journey accelerates as they only cover about 17% of the traffic. Stats show that 83% of the Internet (not counting internal) traffic is automated. Already Alexa ca do things on your behalf. Human-centric authentication is the past, the future will be dominated by bots. Welcome to the future ...

Secure End-User API For Bots

Imagine your SaaS API customers enrolling their bots with a QR-code scan while you retain the ability to block all unknown bots - as if your SaaS customers were given a VPN into your environment.

Frictionless Business-to-Business

The fully automated, self-provisioning model pioneered by Identity Plus, eliminates the problem of key expiry and removes the need to manage keys, so you never have to open a VPN for any third party, while avoiding hit-and-miss methods like IP White-listing

Unbounded Micro-Services

Our ground-breaking digital identity system treats all machines (devices, software and other digital constructs) as one, so you can secure your micro-services communication, across clouds, even third parties without having to maintain any added tooling.


Delight your customers with an effortless online access experience...

Try Everythingless?

Identity Plus is the only secure single sign-on/access technology that requires no secondary tools or information from the customer, such as email or user name. Users simply open a site and they are invisibly logged in.

Recovery & Invalidation

Got a shiny new device? Enroll one with the help of another enrolled device.

Lost or need to send a device to a repair shop? One click to disable access from that device to all linked accounts.

Identity Plus IN ACTION

For engineers, by engineers...

Secure Sign-On as a Service for SaaS Platforms

Replace the 1FA or MFA on your multi-tenant/SaaS Website with Identity Plus. Offload the user management to us, and work with validated devices that are bound to local accounts in your service.

Customer API Gateway Security

Exchange insecure web-tokens for X.509 Client Certificates and make sure your end-user bot interface can only be accessed by your customers. 100% bad bot filtration.

Mobile Gateway Security

Put your entire mobile customer base on Mutually Authenticated TLS. Your mobile gateway gets will be exclusively accessible to your customers. Customers can then use your app to log into your website by scanning a QR Code.

Zero Trust for Testing and Automation

For all intents and purposes, automated testing - whether load testing or security testing - is indistinguishable from from DDoS, so it is difficult to have one and prevent the other. Gain 100% visibility and control with device level authentication.

B2B Access Without Key Management

The vast majority of service outages is not due to application errors but rather key expiry. Gain security and comfort with an X509 client authentication solution that your never have to manage.

Secure Single Sign-On for Wordpress / Manage Wordpress Farms

Use our Wordpress Plugin to invisibly sign into the admin panel while blocking admin from all non-admin owned devices. It's particularly convenient if you manage multiple Wordpress sites.

Corporate / 3rd Party Hybrid Zero-Trust

If you are on a zero-trust journey within your enterprise, imagine being able to control access to internal applications on a device level. What's nice, is that you can extend that access externally too without having allow 3rd parties into your network.

Multi-Cloud Zero-Trust Micro-Services with 3rd party access

Micro-services zero trust comes with a rather complex suite of tools you need to manage. With Identity Plus you can get rid of them all, and instead base your in-house zero trust stack on nothing more than the standard HTTPS/TLS protocol stack.

Secure Access for IoT & Critical Infrastructure

Deploy role-based access control (RBAC) to single tenant setups, or as an added-layer device barrier to vulnerable finite-tenant applications that need be accessed via the Internet. Think of it as zero-trust across the Internet.

Zero-Trust for Non HTTP

Have you ever considered exposing a database or a messaging queue on the Internet but were afraid to do so? You can do that now with Identity Plus TLS Client Authentication both for your corporate needs or direct to customers.

Secure Self-Hosting

Enjoy hosting your own systems and making them securely accessible from the Internet to you and your friends. You can do that with Identity Plus from the comfort of your home, even if you are leasing dynamic public IP addresses.

Develop Locally With HTTPS

If you had problems developing for HTTP only for it to break when you put it on HTTP, fret no more. Use the Identity Plus dev features to develop TLS dependent functionality with local IP addresses.

In times of permanent danger, such as wars, people spend their time, energy and resources building and operating defenses and are continually concerned about when the inevitable will happen - a failure in defense... This is the true state of the current cyberspace.

In times of security, people don't build defenses. They spend their time and energy to build a better future. Let's build that cyberspace together. It is actually quite possible.