TentoID Acceptors . . . .
are websites or corporate networks that accept TentoIDs for authenticating user logins.
Tento holds no user registration data – not even the email addresses of registered TentoID users. Personal user data is held by TentoID issuers and acceptors – as now.
So Tento cannot share user data with any other website. And hackers cannot use any data they might steal from us.
When TentoID users log in at an Acceptor site, they enter their username. They may or may not enter a password, depending on the site security policy. If they do enter a password, it will be verified by the acceptor site before they request a one-time password from our authentication server. Once we issue a OTP, it survives only 30 seconds. If the user does not return a correct OTP response within that interval, they will get a limited number of further attempts. If no correct response is made, the user is locked out for a period of time that is set by the acceptor site.