Multifactor lets you share access to accounts securely without exposing passwords. Use links like Google Docs to grant access. Import from LastPass, Apple, or Google with one click. Let AI agents log in and take action with your permission.
Hello, Product Hunt! Thanks for checking out Multifactor.
🧑💻 Who are we?
I’m Vivek Nair, co-founder & CEO, a Ph.D. computer scientist and former CIA officer. Colin Roberts, co-founder & CTO, is a Ph.D. mathematician and former NASA scientist. We’re both passionate about usable security, with over a decade of cybersecurity experience.
🚀 What is Multifactor?
We’re launching the best new way to securely share online accounts with humans and agents alike. Multifactor turns any account into a “checkpoint link,” making secure and revocable account sharing as easy as sharing a Google doc.
🤔 What can I use it for?
One of our investors uses the app to share email and calendar access with a rotating team of personal assistants without worrying about unauthorized edits.
Our friend who is a financial advisor uses Multifactor to manage their clients’ brokerage accounts without needing their passwords.
Our colleague uses Multifactor to share Instacart and Netflix accounts with her roommates while being able to easily add and remove people.
⏳ Why now?
With increasing adoption of passkeys, biometrics, and MFA, accounts are getting more secure but harder than ever to share. Sharing conventional accounts with non-human actors (like AI agents) is also an emerging need that current solutions fail to address.
🔜 What’s next?
Multi, our AI assistant specializing in secure online account use, is right around the corner, with API access for developers coming shortly thereafter. The version you’re using today will always be free, but an enterprise plan with advanced features is coming soon.
🔥 We’d love to hear what you think! Comment below!
What frustrates you about existing password managers?
How are you planning to use Multifactor now or in the future?
What features do you hope to see in our next release?
Report
@viveknair AES256 encryption Passwords hashed somewhere? How are you tackling quantum computing and the ability to crack AES in the near future? Good luck with the launch.
@rishiuttamhk Great question! We encrypt passwords on the client side using CRYSTALS Kyber (also known as MLKEM), a quantum-resistant encryption scheme. We're the first password manager to not only offer post-quantum security, but also directly encrypt your data using ALL of your available authentication factors, through our MFKDF algorithm.
Report
@viveknair Thats great, at-source encryption. Good luck with everything, your no.1 today!
@rohanrecommends Absolutely! We use the exact same system (called 'Checkpoint') for securely sharing online accounts with humans and AI agents just by sending a link. From the agent's perspective, it clicks on a link and is "already logged in" to your account, meaning that it never has to directly handle credentials or navigate complex login flows.
I'm curious: If you had a tool that could securely log AI agents into any of your online accounts, what would you use this for?
@viveknair If a shared link is used on a mobile device to log into a banking app via their native client (not a web browser), how does Checkpoint instantly revoke the session without a password rotation?
Report
@viveknair - how long have you been in dev for? I have a similar app in architecture, but not revolving around the password vertical. Could be a solution to the 'security' flag I am sure you get all the time. Looking forward to your launch.
It seems to be a clever way to share credentials with AI! Does it mean your AI is also an agent just like others but with a layer that ensures AI won’t expose the credentials by accident?
@daniellee2309 That's right! We built a system called "Checkpoint" that puts a secure proxy server between your online accounts and anyone you share them with (including other users, or an AI agent). The proxy runs inside a trusted execution environment and handles logging in automatically, ensuring that credentials are never visible to the recipient.
Report
@viveknair It looks so boom! Can I share passwords with people who don't have a Multifactor account?
Report
Hey @viveknair and @autoparallel, congrats on launching Multifactor! 🚀 Your approach to the "Multi" AI assistant is brilliant—I really appreciate how it enables secure, permission-based account access for AI agents with isolated cloud browsing. This is a game changer for the emerging AI-human collaboration space. Excited to see where you take this next. Best of luck with today's launch!
@roozbehfirouz Yes! We can share fully programmatic access to accounts: one time use links, links that work for a day, etc. on top of the other fine-grained controls.
Report
Congrats on the launch. How’s this different from 1Password’s shared vaults or Dashlane’s Teams plan?
@zerotox@yuzulele09 Sure, there's a few differences. The biggest is that existing shared vaults revolve mostly around directly sharing account credentials. By contrast, Multifactor lets you share any online account with humans or AI agents just by sending a link, without ever actually sharing the underlying credentials.
This means that unlike password sharing, you can and instantly revoke access (no need to rotate credentials) and not worry about anyone still being logged in to your account in the background. You can also enforce fine-grained access controls that control exactly how people use accounts that are shared with them. Happy to provide details, let me know if you have any further questions about how it works :)
Report
@zerotox@yuzulele09@viveknair How would you revoke access if the site your trying to login to uses stateless (jwt) authentication which is time based though? just asking technically. for example ph which i think may be stateless, each api call is verified with the attached bearer token, in esense, you are obtaining that token and storing it in your proxy?
@zerotox@yuzulele09@rishiuttamhk Great question! When accessing an account through Checkpoint, cookies (including authentication tokens) aren't stored on the recipient's device in plaintext. Instead, they're encrypted and then securely decrypted inside a trusted execution environment within the Checkpoint service. As soon as access is revoked, Multifactor will refuse to decrypt cookies for that account, ensuring access revocations take instant effect, even if recipients are already logged in.
Report
After trying Multifactor, it feels like a seamless way to securely share access with team members without compromising passwords, perfect for collaborative marketing workflows.
Multifactor
Hello, Product Hunt! Thanks for checking out Multifactor.
🧑💻 Who are we?
I’m Vivek Nair, co-founder & CEO, a Ph.D. computer scientist and former CIA officer. Colin Roberts, co-founder & CTO, is a Ph.D. mathematician and former NASA scientist. We’re both passionate about usable security, with over a decade of cybersecurity experience.
🚀 What is Multifactor?
We’re launching the best new way to securely share online accounts with humans and agents alike. Multifactor turns any account into a “checkpoint link,” making secure and revocable account sharing as easy as sharing a Google doc.
🤔 What can I use it for?
One of our investors uses the app to share email and calendar access with a rotating team of personal assistants without worrying about unauthorized edits.
Our friend who is a financial advisor uses Multifactor to manage their clients’ brokerage accounts without needing their passwords.
Our colleague uses Multifactor to share Instacart and Netflix accounts with her roommates while being able to easily add and remove people.
⏳ Why now?
With increasing adoption of passkeys, biometrics, and MFA, accounts are getting more secure but harder than ever to share. Sharing conventional accounts with non-human actors (like AI agents) is also an emerging need that current solutions fail to address.
🔜 What’s next?
Multi, our AI assistant specializing in secure online account use, is right around the corner, with API access for developers coming shortly thereafter. The version you’re using today will always be free, but an enterprise plan with advanced features is coming soon.
🔥 We’d love to hear what you think! Comment below!
What frustrates you about existing password managers?
How are you planning to use Multifactor now or in the future?
What features do you hope to see in our next release?
@viveknair AES256 encryption Passwords hashed somewhere? How are you tackling quantum computing and the ability to crack AES in the near future? Good luck with the launch.
Multifactor
@rishiuttamhk Great question! We encrypt passwords on the client side using CRYSTALS Kyber (also known as MLKEM), a quantum-resistant encryption scheme. We're the first password manager to not only offer post-quantum security, but also directly encrypt your data using ALL of your available authentication factors, through our MFKDF algorithm.
@viveknair Thats great, at-source encryption. Good luck with everything, your no.1 today!
Multifactor
@rishiuttamhk Thanks Rishi! Your support means the world to us!
@viveknair Many congrats on the launch! Could you explain how this integrates with AI agents?
Multifactor
@rohanrecommends Absolutely! We use the exact same system (called 'Checkpoint') for securely sharing online accounts with humans and AI agents just by sending a link. From the agent's perspective, it clicks on a link and is "already logged in" to your account, meaning that it never has to directly handle credentials or navigate complex login flows.
I'm curious: If you had a tool that could securely log AI agents into any of your online accounts, what would you use this for?
PicWish
@viveknair If a shared link is used on a mobile device to log into a banking app via their native client (not a web browser), how does Checkpoint instantly revoke the session without a password rotation?
@viveknair - how long have you been in dev for? I have a similar app in architecture, but not revolving around the password vertical. Could be a solution to the 'security' flag I am sure you get all the time. Looking forward to your launch.
Free to chat at anytime. 1@affynix.ai
Pura Vida!
Multifactor
@daniellee2309 That's right! We built a system called "Checkpoint" that puts a secure proxy server between your online accounts and anyone you share them with (including other users, or an AI agent). The proxy runs inside a trusted execution environment and handles logging in automatically, ensuring that credentials are never visible to the recipient.
@viveknair It looks so boom! Can I share passwords with people who don't have a Multifactor account?
Hey @viveknair and @autoparallel, congrats on launching Multifactor! 🚀 Your approach to the "Multi" AI assistant is brilliant—I really appreciate how it enables secure, permission-based account access for AI agents with isolated cloud browsing. This is a game changer for the emerging AI-human collaboration space. Excited to see where you take this next. Best of luck with today's launch!
Multifactor
@kjosephabraham Thanks so much for checking it out! I'm glad you see the vision with respect to secure account access for AI agents!
Sellkit
That’s clever. Congrats! Does it support temporary or expiring access links too?
Multifactor
@roozbehfirouz Yes! We can share fully programmatic access to accounts: one time use links, links that work for a day, etc. on top of the other fine-grained controls.
Congrats on the launch. How’s this different from 1Password’s shared vaults or Dashlane’s Teams plan?
@zerotox also curious here
Multifactor
@zerotox @yuzulele09 Sure, there's a few differences. The biggest is that existing shared vaults revolve mostly around directly sharing account credentials. By contrast, Multifactor lets you share any online account with humans or AI agents just by sending a link, without ever actually sharing the underlying credentials.
This means that unlike password sharing, you can and instantly revoke access (no need to rotate credentials) and not worry about anyone still being logged in to your account in the background. You can also enforce fine-grained access controls that control exactly how people use accounts that are shared with them. Happy to provide details, let me know if you have any further questions about how it works :)
@zerotox @yuzulele09 @viveknair How would you revoke access if the site your trying to login to uses stateless (jwt) authentication which is time based though? just asking technically. for example ph which i think may be stateless, each api call is verified with the attached bearer token, in esense, you are obtaining that token and storing it in your proxy?
Multifactor
@zerotox @yuzulele09 @rishiuttamhk Great question! When accessing an account through Checkpoint, cookies (including authentication tokens) aren't stored on the recipient's device in plaintext. Instead, they're encrypted and then securely decrypted inside a trusted execution environment within the Checkpoint service. As soon as access is revoked, Multifactor will refuse to decrypt cookies for that account, ensuring access revocations take instant effect, even if recipients are already logged in.
After trying Multifactor, it feels like a seamless way to securely share access with team members without compromising passwords, perfect for collaborative marketing workflows.
Multifactor
@omar_saad3 Awesome! Thanks for giving it a try!
Cal ID
Wishing you great success with this! Excited to see what comes next.
Multifactor
@sanskarix Thank you for your support, Sanskar!