Multifactor lets you share access to accounts securely without exposing passwords. Use links like Google Docs to grant access. Import from LastPass, Apple, or Google with one click. Let AI agents log in and take action with your permission.
@kaixin_feng Even if we save people a few minutes every day from manually finding/typing passwords and entering one-time codes, that's a win in our books! ;)
Great product, I have so many questions but this indeed solves a real pain, congratz on launching!
To use it I will need to store all my password including all MFAs into Multifactor right?
When I want to share, I just share a Checkpoint link which is already logged in using my password and MFA? So to the person that are receiving it, they actually never need to do the login themself since it's already logged in for them?
Multifactor tracks the action they have taken on the site so I can see exactly they did with my account?
How does Multifactor prevent certain action? is it just by URL checking or I can specify don't allow the user to click on this button or something like that?
@royybao Let me answer these for you: 1. You can freely store as many or as few credentials (MFAs) with your accounts as you wish. However, to get the full use of the app (i.e., sharing with Checkpoint) you will want to provide a set of credentials that allows you to completely login to an account. For example, on GitHub you will likely want to provide a password + TOTP factor or you could just provide a passkey! You would not need to provide your password + TOTP + passkey if you didn't want to.
2. That's correct! That is the safest and most secure way of sharing accounts that we offer. Sharing with Checkpoint means the receiver can never see any of your credentials. You will also be able to provide a policy for what actions the receiver can take with your account too. You are also free to share accounts via the basic sharing system too, but in this case users will at least be able to see your credentials and will have full account access.
3. Exactly. We refer to this as "auditing". This means you know exactly where/when/how your account was used. Again, with Checkpoint, you can limit the ways your account is used all together.
4. When you use Checkpoint, you are connected to the target website through our proxy which runs in a Trusted Execution Environment (TEE). This proxy sees the HTTP traffic and it can prevent specific requests from being made, or modify them given a set of rules. Likewise, this proxy is what injects credentials into the requests so the receiver of a Checkpoint link can never see the credentials.
TEEs are used to keep your data as safe as possible!
---
Great questions, Roy! Happy to answer any more you may have :)
Report
Can I use this to set policy about the types of things my EA is allowed to do across all my accounts (e.g. view my account balances / information across all my financial accounts) without having to share credentials individually? Having her constantly need to ask for permissions for a specific account I forgot has been a real pain.
@jordan_chetty Yes! This is the exact kind of use case we know that this assists with! You can happily share a list of your accounts with your EA, each with fine-grained permissions, and they can use those accounts subject to the rules you placed on them. Also, you can see all the actions taken by the EA after the fact with our auditing feature. This way you know who/what/when/where/how your accounts have been used!
@auren Absolutely, that's an ideal use case! Especially if your assistant is actually a rotating team, and it's important to know who did what with those shared accounts and instantly remove access if needed. (Plus, soon, there may be non-human AI assistants on that team, which we'll make it just as easy to share accounts with).
Aha
Great Idea! Save time and energy on logging into my accounts.
Multifactor
@kaixin_feng Even if we save people a few minutes every day from manually finding/typing passwords and entering one-time codes, that's a win in our books! ;)
Fondo
Multifactor
@davj Thanks David for all of your recent support!!
Congrats on the launch! Super clever idea with a great team!!
Multifactor
@taro_f Thank you, Taro! We appreciate it :)
Great product, I have so many questions but this indeed solves a real pain, congratz on launching!
To use it I will need to store all my password including all MFAs into Multifactor right?
When I want to share, I just share a Checkpoint link which is already logged in using my password and MFA? So to the person that are receiving it, they actually never need to do the login themself since it's already logged in for them?
Multifactor tracks the action they have taken on the site so I can see exactly they did with my account?
How does Multifactor prevent certain action? is it just by URL checking or I can specify don't allow the user to click on this button or something like that?
Multifactor
@royybao Let me answer these for you:
1. You can freely store as many or as few credentials (MFAs) with your accounts as you wish. However, to get the full use of the app (i.e., sharing with Checkpoint) you will want to provide a set of credentials that allows you to completely login to an account. For example, on GitHub you will likely want to provide a password + TOTP factor or you could just provide a passkey! You would not need to provide your password + TOTP + passkey if you didn't want to.
2. That's correct! That is the safest and most secure way of sharing accounts that we offer. Sharing with Checkpoint means the receiver can never see any of your credentials. You will also be able to provide a policy for what actions the receiver can take with your account too. You are also free to share accounts via the basic sharing system too, but in this case users will at least be able to see your credentials and will have full account access.
3. Exactly. We refer to this as "auditing". This means you know exactly where/when/how your account was used. Again, with Checkpoint, you can limit the ways your account is used all together.
4. When you use Checkpoint, you are connected to the target website through our proxy which runs in a Trusted Execution Environment (TEE). This proxy sees the HTTP traffic and it can prevent specific requests from being made, or modify them given a set of rules. Likewise, this proxy is what injects credentials into the requests so the receiver of a Checkpoint link can never see the credentials.
TEEs are used to keep your data as safe as possible!
---
Great questions, Roy! Happy to answer any more you may have :)
Can I use this to set policy about the types of things my EA is allowed to do across all my accounts (e.g. view my account balances / information across all my financial accounts) without having to share credentials individually? Having her constantly need to ask for permissions for a specific account I forgot has been a real pain.
Multifactor
@jordan_chetty Yes! This is the exact kind of use case we know that this assists with! You can happily share a list of your accounts with your EA, each with fine-grained permissions, and they can use those accounts subject to the rules you placed on them. Also, you can see all the actions taken by the EA after the fact with our auditing feature. This way you know who/what/when/where/how your accounts have been used!
Personal plan for free it is how it should be 🔥
Multifactor
@pasha_tseluyko We agree! And we hope users will like it so much that they may convince their companies to sign up for an enterprise plan ;)
But no matter what, it doesn't make sense to charge individuals for basic account management and sharing!
Placekey
can i easily share logins with my administrative assistant?
Multifactor
@auren Absolutely, that's an ideal use case! Especially if your assistant is actually a rotating team, and it's important to know who did what with those shared accounts and instantly remove access if needed. (Plus, soon, there may be non-human AI assistants on that team, which we'll make it just as easy to share accounts with).