PhoenixAuth combines passwordless passkeys with Post-Compromise Security. Device stolen? Credentials phished? One Phoenix refresh locks the attacker out — automatically.
80% of breaches involve compromised credentials. Current MFA gets phished. Passkeys don't recover. No authentication system today automatically heals after compromise.
Adversary-in-the-middle relays bypass TOTP, push notifications, and even SMS OTP in real time.
Passkeys tied to a single device. Phone stolen or broken? Start over. No cryptographic recovery path.
Even identity providers get compromised. When the SSO fails, every downstream service is exposed.
PhoenixAuth builds on the same Phoenix Core Engine as PhoenixSig — PCS, PQC, and Threshold — with a purpose-built authentication layer.
WebAuthn/FIDO2 compatible passkeys with Post-Compromise Security. PQC-backed (ML-DSA) and recoverable via Phoenix refresh. Lost device? Social recovery. Stolen credential? Instant invalidation.
Session-bound signatures with periodic re-verification. Anomaly-triggered step-up. Zero-downtime refresh keeps sessions alive while rotating the cryptographic material underneath.
Risk-based escalation — low-risk actions pass through, high-value operations require biometric or multi-party approval. Policy-driven, fully configurable per role and action.
Sensitive changes (password reset, security settings, large transfers) are held for a configurable delay. Multi-channel notifications. Cancel window. Guardian alerts.
Designate guardians who can help recover your account via M-of-N threshold approval. Time-delayed for security. Automatic Phoenix refresh post-recovery.
Multi-device enrollment with trust levels. Cross-device verification for sensitive actions. Lost device revocation without losing your identity.
PhoenixAuth is being built in phases. Here's what's coming beyond the core features.
Geofencing rules, travel mode, anomaly detection, and VPN awareness. Deny authentication from unexpected locations automatically.
Geofence · Travel Mode · Anomaly
Anti-deepfake challenge-response verification. TEE attestation ensures the biometric check runs on real hardware, not emulated environments.
Anti-Deepfake · TEE Attestation
Prove membership without revealing identity. Anonymous voting, privacy-preserving access, credential non-linkability. Zero-knowledge proofs on Phoenix Core.
ZK Proofs · Anonymous · Non-Linkable
Phoenix Passkeys replace phishable MFA. Device trust network verifies endpoints. Continuous auth detects session anomalies. SSO survives provider breaches.
Step-up auth for high-value transactions. Time-delayed transfers. Location binding. Continuous session verification. Every transaction cryptographically proven.
Biometric liveness prevents credential sharing. Continuous auth ensures the right person accesses the right records. Full audit trail for HIPAA compliance.
PhoenixAuth integrates with your existing identity stack via standard protocols.
PhoenixAuth shares the same Phoenix Core Engine as PhoenixSig. Combine both for complete cryptographic identity — one key system for signing and authenticating.
"Same guardian network. Same recovery process. Same PCS."
PhoenixAuth is currently in development. Join the waitlist to get early access, shape the product with your feedback, and be among the first to deploy authentication that survives compromise.
We'll notify you when PhoenixAuth is ready for early access.