aswad
Sign in Get Paswad
Product
Passkeys Web passport Transaction signing Pricing
Solutions
For Banks For Fintech For Governments Case studies
More
Security Compare Blog Sign in Get Paswad
Security

Security you can audit,
not just trust.

No passwords to steal, no shared secrets to breach. Just live-verified identity and phishing-resistant passkeys — with an audit trail for every use.

0
Passwords stored
100%
Phishing-resistant
<1s
To verify

Nothing to steal

No password database, no shared secret. A breach of a connected app exposes only useless public keys.

Phishing-resistant

Passkeys are bound to the real domain. Paste one on a fake site and it simply won't work — by design.

Bound to a verified passport

Every passkey traces to a KYC-verified, immutable web passport — so high-risk actions prove a real, present human.

Certified & compliant

Built to the standards your auditors expect.

SOC 2 Type II
Audited controls
FIDO2 certified
Phishing-resistant auth
PSD2 SCA
Strong customer auth
GDPR · CCPA
Data minimization

Security FAQ

Where is my private key stored?

On your device, protected by your biometric. It never leaves the device and is never transmitted to Paswad.

What happens if Paswad is breached?

There's no password database and no private keys to take — only public keys and an activity log. The most valuable target simply doesn't exist.

How do you stop account takeover?

Recovery is anchored to live verification against your immutable web passport — not an emailed link. High-risk recoveries add an agent check and a post-recovery cool-down.

Can an app act without me?

No. Reading and signing are separate grants, and every payment needs a fresh passkey tap. You can revoke any app anytime.