top of page

Changing 'The Authentication Game': Enter AutoPassword


When logging on to anything, it is the natural habit of users to blindly enter their password and user id without checking if the service is malicious or not. Hackers can be very shrewd by creating fake web pages that collect a user’s private information without them knowing. Adversaries may use a phishing attack (an email sent with a malicious link to a user’s inbox) which will guide them to the faulty web page. Once a user is ensnared, they are exposed to a variety of dangers:

  • Viruses

  • Spyware

  • Key-logging programs that collect any personal information typed in

  • Denial Of Service Attacks

  • Trojan Horse Malware

  • Etc.

Unless a website is obviously suspicious (a shady url link, lacking content, bad grammar or spelling, etc.) it is difficult for a user to determine whether the website they are on is legitimate. As a result, many users are taken advantage of because malicious websites are masked. As seen from lackluster 2FA or OTPs, the solution does not lie in regular authentication strategies. This is why DualAuth’s AutoPassword is improving authentication measures for the better.


AutoPassword is a mutual authentication technology that reverses the roles of existing authentication tech. Instead of a user having to verify their authenticity to a website, AutoPassword verifies the authenticity of the website to the user. AutoPassword is a product of DualAuth; a mutual authentication technology provider that is devoted to achieving the highest standards of security and convenience possible. The company was founded in 2017 by CEO John Jonghyun Woo, and is based in Boston (U.S.) and Seoul (South Korea).

Companies as big as IBM and VP (Korea’s number one credit card processing company) partner with DualAuth’s AutoPassword tech to support 10 million users and counting.


It should be clear that existing authentication techniques (such as MFA, one time passwords, provided passwords, etc.) do not prevent cyber attacks from happening. Existing authentication is merely another barrier for hackers to get through, but it is easily beaten by hackers all the same.

Since most users find it hard to practice secure password habits, they are vulnerable to any password being stolen if they access a malevolent website. It does not matter whether they use OTP’s (one time passwords) or two-factor authentication; all passwords are easy for hackers to copy or steal.

Even if a user does practice good password management, it is still inconvenient for them to have to memorize long and difficult passwords, change their passwords regularly, and apply them whenever the time calls. (Hence the reason why most users do not practice secure password habits).


Here is where AutoPassword steps in to aid the user. With its convenience and productivity, AutoPassword has the following benefits:

  • Creates and enters passwords automatically for the user

  • Each AutoPassword password is newly created so that it cannot be stolen

  • User does not have to install a Public Key Infrastructure service for each new device

  • User saves time on password management; no having to create, memorize, and save their own passwords

  • Reveals whether a website can be trusted before a user enters their important information

Overall, the biggest advantage is that no user is compromised by a fake or malicious website because AutoPassword has already verified whether or not the user can trust the service.


Image Courtesy Of "AutoPassword Whitepaper"

AutoPassword is highly simple and easy to use. The following is how AutoPassword functions:

  1. User enters their id to a website login.

  2. AutoPassword generates a photo password that is inserted in the password box on the website.

  3. The website’s legitimacy is verified when the same password on the website appears on the user’s mobile device.

  4. The user touches the login button on their mobile device, and they are automatically logged into the verified website on their computer.

AutoPassword’s mutual authentication technology works by communicating between an online server and the user’s devices. When the user touches the button on their phone to verify the login process, an internal password is sent to the server. Existing authentication is limited to functioning only on mobile devices, but AutoPassword can link a phone and a computer for authentication.


The main focus of this article was concentrated on AutoPassword’s debunking of fake websites, but it can also be applied to risky applications. To save users from malicious mobile apps, AutoPassword works the same way with a user entering their id to an app login and AutoPassword generating a random code to verify authenticity. AutoPassword currently works on PC, Windows, and Linux, and caters to a vast range of customers, including private companies, governments, online banking, cloud service providers, social media, etc. For more information about AutoPassword’s specialized products, visit

In mutual authentication technology, front-runners such as AutoPassword are paving the way for a new future of authentication practices. The critical thinking applied to creating AutoPassword’s products, in which a service (not a user) verifies their authenticity is not only more convenient but is also more effective in diminishing the rate of fake-web and app attacks. For its multiple benefits and streamline usability, it is highly suggested that users give AutoPassword and DualAuth’s wide range of products a try. Overall, much praise goes to AutoPassword for changing the ‘authentication game’!


bottom of page