top of page

How It Works

TokenOne allows users to verify their real world credentials and identity, register their phone as a token and create a secure and secret PIN.  A user can complete all necessary steps in a way that enables an organisation to meet both identity proofing and legal compliance requirements. Users can also add credentials as required by an organisation’s business rules.

Deployment of TokenOne Authentication
“TokenOne is the strongest form of software-based
Two Factor Authentication security I have seen.”


The Problem

With cybercrime now costing more than US$445 billion globally per year, organisations are facing increasing challenges to continually improve security and prevent unauthorised access to high risk or sensitive information and services.

Deal rooms, client portals, corporate records and critical systems often only require a username and password. Where Two-Factor authentication is provided, it is often cumbersome, expensive to manage and difficult to deploy.

At the same time, users are demanding security of their identity, their information and dealings with all service providers and expect a convenient, secure and easy-to-use service too. As a result, organisations have to balance consumer demands while meeting their security and compliance requirements.

Deploying TokenOne Authentication Based On One-Time Pad Principles
Technology Overview

Patented Technology

Based on principles of industry recognised uncrackable form of encryption (One-Time Pad).

No Algorithms

Ensures TokenOne is not vulnerable to someone cracking an algorithm and compromising multiple accounts and all the reliant services and infrastructure.


Secure and simple by proving the presence of the device and mentally scrambling the PIN.

Genuine strong 2FA


As both factors are strong, TokenOne proves the presence of the device AND the user and is one of the few mass market authentication solutions where both factors are strong.

Self Management

Users register their device as a true and unique token and create their own PIN. Ongoing management of both is also done by the user.

PIN never revealed

The user knows their PIN which is never entered or revealed to anyone, not even to TokenOne or the service the user is accessing.

Supported Sites & Services

The sample below is just some of the over 2500 supported sites and services.

bottom of page