WhoToken is a Multi-Factor Mutual Authentication (MFMA) service that facilitates identity verification between two or more individuals through the use of a unique WhoToken.

Multi-Factor Mutual Authentication (MFMA) combines mutual authentication and two-way authentication, wherein both parties authenticate each other simultaneously. In technology terms, it involves a client or user authenticating themselves to a server and vice versa, ensuring mutual assurance of each other's identity. In online authentication processes, mutual authentication is often referred to as website-to-user or site-to-user authentication. With Multi-Factor Mutual Authentication, two or more individuals share a common token capable of generating multiple token cards (up to ten). Each token card contains a unique set of codes and words visible to all participating individuals, ensuring mutual confidence in each other's authorization.

You may require WhoToken in scenarios such as receiving a cold call from your bank or financial institution, requesting personal details to confirm your identity. However, it's essential to verify the caller's authenticity, as impostors may attempt identity theft by posing as legitimate entities.

Feel free to try it out! Accessing WhoToken is completely free on our website. Simply input any random string into the provided input box below and click the "Go" button to generate your random WhoToken live!

How does WhoToken Work?
  1. Generate a unique WhoToken link ( Click here for example WhoToken Link ).
  2. Share this link only with the individuals or entities with whom you want to perform mutual authentication.
  3. When either party needs to verify the other's identity, both parties open the shared WhoToken link.
  4. Use the two parts displayed on screen to challenge each other's identity.
  5. Individual One reads part "One" of the WhoToken to Individual Two.
  6. Individual Two confirms the information provided by Individual One matches part "One" of the WhoToken displayed on their screen.
  7. Individual Two reads part "Two" of the WhoToken to Individual One.
  8. Individual One confirms the information provided by Individual Two matches part "Two" of the WhoToken displayed on their screen.
  9. With mutual confirmation of each other's identity, trusted communication can proceed.

It's crucial for both parties to ensure they are viewing the exact same information, as any variance in the WhoToken string will result in failure to verify each other. The two parts of the WhoToken facilitate mutual authentication, allowing each party to confirm their identity to the other.

The WhoToken changes every 90 seconds, rendering communicated tokens useless after this period. Additionally, the unique WhoToken link cannot be reverse-engineered, as the algorithm used for generation is centralized within our service and not publicly visible. To enhance security, store the WhoToken link safely, preferably on a mobile device secured with a passcode, to prevent unauthorized access in case of a lost or stolen phone.