How It Works

Watch a video demo

Our disruptive technology can replace a remembered password where one-factor authentication (1FA) is required


It can supplement a conventional static password to provide true two-factor authentication –

–  “something you know” (static password) and “something you own” (TentoID in your phone)

–   suitable for banking-grade logins and card-not-present payment approvals

As a 1FA device our innovative app supplies millions of one-time passwords (OTPs) that people can read but machines can’t – even the phone that displays the OTP has no knowledge of what it is

As a 2FA device, the user uses a long, complex static password of the type usually required by banks and other fintech websites, followed by a shorter, dynamic Tento OTP.  In fact, Tento can also provide a convenient password reminder for the static password.  The same static password can be used at any site where 2FA is required.

Websites and corporate networks who require only 1FA no longer need to keep their own password files, removing a favourite target for hackers and cybercriminals.  They simply use the Tento Authentication Server (TAS) whenever they need to authenticate a user.

TentoLogoLR2 Tento uses visual cryptography to hide one-time passwords (or in this demo we can reveal our logo) in a user token stored in the user’s mobile phone.  These tokens are called TentoIDs.   Each TentoID is different and we can produce trillions of them, so they can be used to uniquely identify the entire web user population – like web-based DNA.

When users register with a website that has deployed Tento Authentication, they get a QR-code that contains their TentoID.  They download the Tento app from an appstore and use it to scan their TentoID.  Their phone has instantly become an even more valuable device as it can be used to login securely or to make online payments.  If the user has not previously protected their phone with one of the many systems available, they should definitely do so now!

Their phone is now capable of displaying Tento OTPs.  When they want to log in to a 1FA website, they enter their username as usual (no more passwords!).  They get an on-screen QR-code which they scan with the Tento app in their phone.   The OTP is immediately displayed on the phone screen.  They enter this on the web page to log in.

The phone does not need to be connected to any network.  It is used as an out-of-band device, just like a SecurID keyfob token, making it extremely secure.

A different QR-code is produced for every authentication request received by the TAS.  The OTP is displayed on the phone screen for 30 seconds.  After that it is deleted from the phone and from the TAS.  If the user fails to enter the correct OTP within the 30 second period, they are allowed a limited number of further attempts.

tento password - qr - password

Every TentoID token is capable of producing up to 4 million different 4-character OTPs.

We recommend the use of 4-character, alphanumeric passwords as it easy and quick to enter them for validation.

Tento OTPs conform to published authentication standards.  They are random, use 47 different keyboard characters and satisfy the uniqueness test.

Now go to FAQ’s

Share this: