The front-end interface is accessed through internet network which is exposed to various malicious activities or attacks on traditional web platform. Tozex is using Multi-factor authentication methods before granting access to a user after he or she has successfully presented two or more pieces of evidence (or factors) which, defined below:
Login & Password:
The first mechanism is composed of a traditional Login and Password method. The password will be saved in our encrypted database using the last generation of cryptography algorithm such as bcrypt to secure the password.
One-Time Passwords TOTP:
This protocol is considered to be a basic Two-factor authentication method allowing to sign in with the generation of a unique password which stay valid until the expiration of the timer. One-time passwords can be generated in several ways, by using a software application like Google Authenticator or Authy, an SMS manager code or a dedicated hardware like the SafeNet IDProve 100 by Gemalto.
Wallet Signature Access (WSA):
The last one is a new method to ensure that the user trying to be connected is the same who registered the account. During the registration process the user must to provide a public key generated on his own wallet to sign with his external wallet (hardware or software) by sending a specific authenticate message. The user can prove that he has the control of a particular public key address and hence assert the ownership of funds. This method is a gatekeeper protecting his account even the both previous methods were compromised.
Tozex is developed to ensure as much as possible the security of all the operations realized on the platform by respecting the state of the art by combining different technologies.
Find more at https://tozex.io
