About TokenOne

TokenOne is a Cyber Security software company. Our patented technology makes it easy for organisationsand their users to replace passwords, tokens and other forms of authentication with a more secure, cost effective and convenient solution.

Uniquely, a TokenOne user’s secret PIN is never entered, transmitted or even stored so that no one else can determine the user’s PIN; not a hacker compromising the user’s computer, or even TokenOne or the service the user is trying to access.

TokenOne Keeps Secrets Secret.

How is TokenOne Different from other Authentication Systems?

There are three accepted ‘factors’ in authentication security:

1. Something you know – the knowledge factor (e.g. a password, or TokenOne PIN)
2. Something you have – the possession factor (e.g. a physical device such as token or smart phone)
3. Something you are – the inherence factor (e.g. biometrics)

TokenOne Authentication sets a new standard for the knowledge factor in authentication.

We all have too many passwords and instinctively know now they are not verysecure. However, the real problem with passwords is that a user has to actually tell someone what their password is (by entering it) to prove they know it, which makes passwords vulnerable to compromise.

Most two-factor authentication (2FA) or three-factor (3FA) solutions still rely on passwords as the knowledge factor, but since passwords are not a strong knowledge factor these solutions are not genuinely strong 2FA or 3FA solutions, where both factors would be strong.

A TokenOne user can prove to the service they are trying to access that they know their TokenOne PIN without ever entering it or revealing it to that service or anyone else. This is called a ‘zero knowledge password proof’ and makes the TokenOne PIN a strong knowledge factor.

The second factor with TokenOne Authenticationis the user’s smart phone. This has been profiled and must be present at the moment of authentication before a user canprove theyare an authorised user. This is a strong possession factor.

With TokenOne Authentication both the knowledge factor and possession factorsare strong which is critical for secure access to very sensitive information and services.

Further, compared to other non-biometric authentication solutions,one of the key differentiators of TokenOne Authentication is that it proves ‘User Present’ at the moment of authentication, because the knowledge factor can be relied upon.

TokenOne enables organisations to prove the identity of the person accessing their site or serviceat any given moment, and prevents that user from denying (or repudiating) that they did in fact access the information in question.

This is vital for both security AND compliance purposes, particularly for access to highly sensitive or regulated information for corporate, government and critical infrastructure.

Features and Functionality of TokenOne Authentication

Patented technology – based on an industry recognised un-crackable form of encryption (One Time Pad).

Not based on algorithm – ensures TokenOne is not vulnerable to someone cracking an algorithm and compromising multiple accounts and all the reliant services and infrastructure.

Self-Management – users register their phone as a true and unique token and create their own PIN. Ongoing management of both is also done by the user.

Authentication – secure and simple by proving the presence of the phone and of the user who mentally scrambles their PIN and enters a different alpha code each time, never their PIN.

Genuine strong two factor authentication as both factors are strong – TokenOne proves the presence of the phone AND the user and is one of the few mass-market authentication solutions where both factors are strong.

PIN is never revealed – the user knows their PIN which is never entered or revealed to anyone, not even to the service the user is accessing.

Improved Customer Security and Experience with TokenOne Authentication

Business Challenge

We want to prevent unauthorised access to websites and prevent unauthorised web based transactions




Access to secure banking sites, authorising high risk financial transactions, changing customer details or authorising a share trade.

I don’t want my customers to have to use different authentication solutions across different websites.




Organisations running separate websites for share trading, banking and wealth management.
Organisations using different 2 factor authentication for websites and call centres.

My customers don’t want to provide biometric data – they are concerned about security and social engineering




Providing eye scan or finger print data that could be used for identity theft

TokenOne Benefits

We want to prevent unauthorised access to websites and prevent unauthorised web based transactions




Access to secure banking sites, authorising high risk financial transactions, changing customer details or authorising a share trade.

Provides a single highly secure two-factor authentication method across multiple websites and channels – no more multiple passwords, PINs or clunky grid pads.



Extend the same authentication method to your call centre and ATMs with the same customer experience.

Customer does not need to provide biometric data to the financial institution and can easily revoke the credentials at any time (unlike biometrics).

Improve Third Party Security

Are you in control of third party access to your systems? Are you able to revoke access quickly and efficiently when required?

Business Challenge

We have a wide variety of external third parties that require secure access to our internal systems




Access for brokers, financial advisers, IT support, legal advisers, mortgage insurers

We have cumbersome processes for setup and maintenance of current 2 factor authentication process with third parties




Distribution of tokens for third party access is expensive and cumbersome.

TokenOne Benefits

Provides a single highly secure multi-factor authentication across multiple systems.





No complex grid cards, distribution of tokens or other hardware to support two factor authentication. Its all on the smart phone.
When access needs to be revoked then revoking TokenOne access will prevent further access to the systems.

Resolve Staff Access Issues

Due to expense and complexity – strong two factor authentication has been used mainly for external high risk transactions, but TokenOne can provide an economical and simple implementation for internal transactions too.

Business Challenge

We want to control access to ensure the highest level of authentication for high risk transactions and functions


Financial transactions, ‘four eyes’ processes, access to system root directories

We find it challenging to always remove access to high risk systems in a timely manner


We have some older systems that still use generic accounts – I am worried about the security risk of access control on these accounts

TokenOne Benefits

Reduces complexity and manual processes for internal high risk transactions by providing multi-factor authentication for all parties to the transaction and a clear audit trail on who was involved.




Access is removed simply and quickly when required. Once OneToken access is revoked it is impossible to authorise the transaction.

TokenOne can provide a clear audit trail of who accessed the system, and when.


Reduce Costs

Business Challenge

Our current two factor authentication solutions are costly




SMS, call centre verification on 2nd factor, token distribution

Our fraud costs from hacking incidents are increasing and reliance on 2nd factor details that can be socially engineered is problematic

TokenOne Benefits

TokenOne removes the need for SMS authorisations, tokens and/or gridcards. The customer is self supporting in the setup and ongoing administration of the solution.



TokenOne provides a higher level of security than the usual two factor solutions as it always proves that the user is present for the transaction. This means identity theft does not compromise the 2nd factor.

Easy to Implement

Business Challenge

We have found most 2nd factor solutions require significant expenditure and a major project to implement



We don’t want to have 2 factor everywhere – we just need to apply it at the transaction level on high risk transactions only

I want choice on how we implement – either Software as a Service or hosting in house



TokenOne Benefits

TokenOne is virtually plug and play. It does not require tight integration to you systems and is immediately compatible with a wide range of operating systems and APIs.

TokenOne can be implemented at various levels in your systems – everything from total system access down to a single process or transaction but also at a transaction level – so you can focus your security where it matters

TokenOne can be purchased either as software you run in house, or as a service. There are a variety of pricing models.

Enhance Risk & Audit Reporting

Business Challenge

I want to prevent Audit and risk findings due to:
Insecure access
Failure to remove access in a timely manner
Penetration tests showing hackable passwords
Fraud losses





TokenOne Benefits

TokenOne reporting can provide strong evidence on who has had access to your systems, when….and that the user was actually present at the time of the transaction.

Even more important, by providing two factor authentication on any system or transaction – TokenOne can reduce the risk of shared passwords, inappropriate access to high sensitivity data and systems.

TokenOne does not hold or transmit any PIN or password data.

Solution Benefits Summary for Customers

  • Highly secure, simple and convenient – one phone/device, one solution, multiple services
  • Self-registration and management with no additional hardware
  • Users securely self-manage and self-replace their PIN, even if forgotten
  • Increased user confidence as their identity is being protected – their PIN is never entered, transmitted or stored