Multifactor lets you share access to accounts securely without exposing passwords. Use links like Google Docs to grant access. Import from LastPass, Apple, or Google with one click. Let AI agents log in and take action with your permission.
Hello, Product Hunt! Thanks for checking out Multifactor.
🧑💻 Who are we?
I’m Vivek Nair, co-founder & CEO, a Ph.D. computer scientist and former CIA officer. Colin Roberts, co-founder & CTO, is a Ph.D. mathematician and former NASA scientist. We’re both passionate about usable security, with over a decade of cybersecurity experience.
🚀 What is Multifactor?
We’re launching the best new way to securely share online accounts with humans and agents alike. Multifactor turns any account into a “checkpoint link,” making secure and revocable account sharing as easy as sharing a Google doc.
🤔 What can I use it for?
One of our investors uses the app to share email and calendar access with a rotating team of personal assistants without worrying about unauthorized edits.
Our friend who is a financial advisor uses Multifactor to manage their clients’ brokerage accounts without needing their passwords.
Our colleague uses Multifactor to share Instacart and Netflix accounts with her roommates while being able to easily add and remove people.
⏳ Why now?
With increasing adoption of passkeys, biometrics, and MFA, accounts are getting more secure but harder than ever to share. Sharing conventional accounts with non-human actors (like AI agents) is also an emerging need that current solutions fail to address.
🔜 What’s next?
Multi, our AI assistant specializing in secure online account use, is right around the corner, with API access for developers coming shortly thereafter. The version you’re using today will always be free, but an enterprise plan with advanced features is coming soon.
🔥 We’d love to hear what you think! Comment below!
What frustrates you about existing password managers?
How are you planning to use Multifactor now or in the future?
What features do you hope to see in our next release?
Report
@viveknair AES256 encryption Passwords hashed somewhere? How are you tackling quantum computing and the ability to crack AES in the near future? Good luck with the launch.
@rishiuttamhk Great question! We encrypt passwords on the client side using CRYSTALS Kyber (also known as MLKEM), a quantum-resistant encryption scheme. We're the first password manager to not only offer post-quantum security, but also directly encrypt your data using ALL of your available authentication factors, through our MFKDF algorithm.
Report
@viveknair Thats great, at-source encryption. Good luck with everything, your no.1 today!
@rohanrecommends Absolutely! We use the exact same system (called 'Checkpoint') for securely sharing online accounts with humans and AI agents just by sending a link. From the agent's perspective, it clicks on a link and is "already logged in" to your account, meaning that it never has to directly handle credentials or navigate complex login flows.
I'm curious: If you had a tool that could securely log AI agents into any of your online accounts, what would you use this for?
@viveknair If a shared link is used on a mobile device to log into a banking app via their native client (not a web browser), how does Checkpoint instantly revoke the session without a password rotation?
Report
@viveknair - how long have you been in dev for? I have a similar app in architecture, but not revolving around the password vertical. Could be a solution to the 'security' flag I am sure you get all the time. Looking forward to your launch.
It seems to be a clever way to share credentials with AI! Does it mean your AI is also an agent just like others but with a layer that ensures AI won’t expose the credentials by accident?
@daniellee2309 That's right! We built a system called "Checkpoint" that puts a secure proxy server between your online accounts and anyone you share them with (including other users, or an AI agent). The proxy runs inside a trusted execution environment and handles logging in automatically, ensuring that credentials are never visible to the recipient.
Report
@viveknair It looks so boom! Can I share passwords with people who don't have a Multifactor account?
Report
“As easy as sharing a Google Doc”... love the positioning! Do you have any BFCM deals coming up? :D
It's no secret that we'll be launching a paid plan at some point in the future (mostly targeted at enterprise customers), but signing up today through Product Hunt ensures you'll have basic access for free indefinitely!
Report
Congrats on the launch! Can I share passwords with people who don't have a Mltifactor account?
@leahdgibson17 You can! You can share accounts to any email address from the sharing page within the app and the receiver will be alerted that an account has been shared with them via email.
@leahdgibson17 Great question, Leah! You can send anyone an invite link via an email, but they'll need to create a free Multifactor account in order to accept the request.
Because we use an end-to-end encrypted zero-trust security architecture, we need to make sure the recipient sets up their own client-side decryption key before they access the shared account.
Report
@leahdgibson17@viveknair ahh, both parties need to have multifactor accounts to share,, slight friction there though, but if you need to share that might be the only way.
Report
Quick question:
Do you already have a user onboarding or “how it works” guide, or is that still in progress?
@chimeremeze We have user onboarding that will walk you through importing and adding accounts/credentials. Once you have accounts added, you can share these accounts with anyone by accessing the account action page (click the three dots in the top right of an account card).
We are always happy to add more assistance with onboarding. Was there anything you found confusing or that could use more explanation?
Report
Great work! With the number of passwords we have to remember and manage, this is needful and an easy to use tool for that. Do you have anything to nudge users to change their passwords when it gets compromised, or perhaps after 6 months?
@karevaradharaj Yes, there is already a "playbook" in the app that can alert you of weak or compromised factors. We plan on automating credential rotation and security upgrades in the future too.
@karevaradharaj You should try the "playbooks" feature (preview)! After you import your accounts from another password manager, we have a playbook that will automatically detect weak, compromised, or reused credentials.
Coming soon is a Multi integration that automatically rotates all of your credentials for you, either periodically or when a breach is detected, so you don't even need to worry about manual credential rotations.
Report
Great product, I have so many questions but this indeed solves a real pain, congratz on launching!
To use it I will need to store all my password including all MFAs into Multifactor right?
When I want to share, I just share a Checkpoint link which is already logged in using my password and MFA? So to the person that are receiving it, they actually never need to do the login themself since it's already logged in for them?
Multifactor tracks the action they have taken on the site so I can see exactly they did with my account?
How does Multifactor prevent certain action? is it just by URL checking or I can specify don't allow the user to click on this button or something like that?
@royybao Let me answer these for you: 1. You can freely store as many or as few credentials (MFAs) with your accounts as you wish. However, to get the full use of the app (i.e., sharing with Checkpoint) you will want to provide a set of credentials that allows you to completely login to an account. For example, on GitHub you will likely want to provide a password + TOTP factor or you could just provide a passkey! You would not need to provide your password + TOTP + passkey if you didn't want to.
2. That's correct! That is the safest and most secure way of sharing accounts that we offer. Sharing with Checkpoint means the receiver can never see any of your credentials. You will also be able to provide a policy for what actions the receiver can take with your account too. You are also free to share accounts via the basic sharing system too, but in this case users will at least be able to see your credentials and will have full account access.
3. Exactly. We refer to this as "auditing". This means you know exactly where/when/how your account was used. Again, with Checkpoint, you can limit the ways your account is used all together.
4. When you use Checkpoint, you are connected to the target website through our proxy which runs in a Trusted Execution Environment (TEE). This proxy sees the HTTP traffic and it can prevent specific requests from being made, or modify them given a set of rules. Likewise, this proxy is what injects credentials into the requests so the receiver of a Checkpoint link can never see the credentials.
TEEs are used to keep your data as safe as possible!
---
Great questions, Roy! Happy to answer any more you may have :)
Multifactor
Hello, Product Hunt! Thanks for checking out Multifactor.
🧑💻 Who are we?
I’m Vivek Nair, co-founder & CEO, a Ph.D. computer scientist and former CIA officer. Colin Roberts, co-founder & CTO, is a Ph.D. mathematician and former NASA scientist. We’re both passionate about usable security, with over a decade of cybersecurity experience.
🚀 What is Multifactor?
We’re launching the best new way to securely share online accounts with humans and agents alike. Multifactor turns any account into a “checkpoint link,” making secure and revocable account sharing as easy as sharing a Google doc.
🤔 What can I use it for?
One of our investors uses the app to share email and calendar access with a rotating team of personal assistants without worrying about unauthorized edits.
Our friend who is a financial advisor uses Multifactor to manage their clients’ brokerage accounts without needing their passwords.
Our colleague uses Multifactor to share Instacart and Netflix accounts with her roommates while being able to easily add and remove people.
⏳ Why now?
With increasing adoption of passkeys, biometrics, and MFA, accounts are getting more secure but harder than ever to share. Sharing conventional accounts with non-human actors (like AI agents) is also an emerging need that current solutions fail to address.
🔜 What’s next?
Multi, our AI assistant specializing in secure online account use, is right around the corner, with API access for developers coming shortly thereafter. The version you’re using today will always be free, but an enterprise plan with advanced features is coming soon.
🔥 We’d love to hear what you think! Comment below!
What frustrates you about existing password managers?
How are you planning to use Multifactor now or in the future?
What features do you hope to see in our next release?
@viveknair AES256 encryption Passwords hashed somewhere? How are you tackling quantum computing and the ability to crack AES in the near future? Good luck with the launch.
Multifactor
@rishiuttamhk Great question! We encrypt passwords on the client side using CRYSTALS Kyber (also known as MLKEM), a quantum-resistant encryption scheme. We're the first password manager to not only offer post-quantum security, but also directly encrypt your data using ALL of your available authentication factors, through our MFKDF algorithm.
@viveknair Thats great, at-source encryption. Good luck with everything, your no.1 today!
Multifactor
@rishiuttamhk Thanks Rishi! Your support means the world to us!
@viveknair Many congrats on the launch! Could you explain how this integrates with AI agents?
Multifactor
@rohanrecommends Absolutely! We use the exact same system (called 'Checkpoint') for securely sharing online accounts with humans and AI agents just by sending a link. From the agent's perspective, it clicks on a link and is "already logged in" to your account, meaning that it never has to directly handle credentials or navigate complex login flows.
I'm curious: If you had a tool that could securely log AI agents into any of your online accounts, what would you use this for?
PicWish
@viveknair If a shared link is used on a mobile device to log into a banking app via their native client (not a web browser), how does Checkpoint instantly revoke the session without a password rotation?
@viveknair - how long have you been in dev for? I have a similar app in architecture, but not revolving around the password vertical. Could be a solution to the 'security' flag I am sure you get all the time. Looking forward to your launch.
Free to chat at anytime. 1@affynix.ai
Pura Vida!
Multifactor
@daniellee2309 That's right! We built a system called "Checkpoint" that puts a secure proxy server between your online accounts and anyone you share them with (including other users, or an AI agent). The proxy runs inside a trusted execution environment and handles logging in automatically, ensuring that credentials are never visible to the recipient.
@viveknair It looks so boom! Can I share passwords with people who don't have a Multifactor account?
“As easy as sharing a Google Doc”... love the positioning! Do you have any BFCM deals coming up? :D
Multifactor
@himani_sah1 Can't beat free! ;)
It's no secret that we'll be launching a paid plan at some point in the future (mostly targeted at enterprise customers), but signing up today through Product Hunt ensures you'll have basic access for free indefinitely!
Congrats on the launch! Can I share passwords with people who don't have a Mltifactor account?
Multifactor
@leahdgibson17 You can! You can share accounts to any email address from the sharing page within the app and the receiver will be alerted that an account has been shared with them via email.
Multifactor
@leahdgibson17 Great question, Leah! You can send anyone an invite link via an email, but they'll need to create a free Multifactor account in order to accept the request.
Because we use an end-to-end encrypted zero-trust security architecture, we need to make sure the recipient sets up their own client-side decryption key before they access the shared account.
@leahdgibson17 @viveknair ahh, both parties need to have multifactor accounts to share,, slight friction there though, but if you need to share that might be the only way.
Multifactor
@chimeremeze We have user onboarding that will walk you through importing and adding accounts/credentials. Once you have accounts added, you can share these accounts with anyone by accessing the account action page (click the three dots in the top right of an account card).
We are always happy to add more assistance with onboarding. Was there anything you found confusing or that could use more explanation?
Multifactor
@karevaradharaj Yes, there is already a "playbook" in the app that can alert you of weak or compromised factors. We plan on automating credential rotation and security upgrades in the future too.
Multifactor
@karevaradharaj You should try the "playbooks" feature (preview)! After you import your accounts from another password manager, we have a playbook that will automatically detect weak, compromised, or reused credentials.
Coming soon is a Multi integration that automatically rotates all of your credentials for you, either periodically or when a breach is detected, so you don't even need to worry about manual credential rotations.
Great product, I have so many questions but this indeed solves a real pain, congratz on launching!
To use it I will need to store all my password including all MFAs into Multifactor right?
When I want to share, I just share a Checkpoint link which is already logged in using my password and MFA? So to the person that are receiving it, they actually never need to do the login themself since it's already logged in for them?
Multifactor tracks the action they have taken on the site so I can see exactly they did with my account?
How does Multifactor prevent certain action? is it just by URL checking or I can specify don't allow the user to click on this button or something like that?
Multifactor
@royybao Let me answer these for you:
1. You can freely store as many or as few credentials (MFAs) with your accounts as you wish. However, to get the full use of the app (i.e., sharing with Checkpoint) you will want to provide a set of credentials that allows you to completely login to an account. For example, on GitHub you will likely want to provide a password + TOTP factor or you could just provide a passkey! You would not need to provide your password + TOTP + passkey if you didn't want to.
2. That's correct! That is the safest and most secure way of sharing accounts that we offer. Sharing with Checkpoint means the receiver can never see any of your credentials. You will also be able to provide a policy for what actions the receiver can take with your account too. You are also free to share accounts via the basic sharing system too, but in this case users will at least be able to see your credentials and will have full account access.
3. Exactly. We refer to this as "auditing". This means you know exactly where/when/how your account was used. Again, with Checkpoint, you can limit the ways your account is used all together.
4. When you use Checkpoint, you are connected to the target website through our proxy which runs in a Trusted Execution Environment (TEE). This proxy sees the HTTP traffic and it can prevent specific requests from being made, or modify them given a set of rules. Likewise, this proxy is what injects credentials into the requests so the receiver of a Checkpoint link can never see the credentials.
TEEs are used to keep your data as safe as possible!
---
Great questions, Roy! Happy to answer any more you may have :)