Our Philosophy
Why we think CO-Auth makes sense...
Thank you for considering CO-Auth in your organization. We would be glad to have your organization logo listed as an adopter of CO-Auth.
With CO-Auth you can choose the authorization for your Web applications, Desktop GUI and Cloud Shell from
a list of configurable options for your transactions (i.e. post authentication).
MFA / 2FA isn't part of Auth? :P. It's the extension step for verification i.e. authorization. With CO-Auth, plug them anywhere.
Why build your own authorizations / keep them updated when you can quickly leverage with CO-Auth. More importantly, you transactional authorization shouldn't be residing on the same system as your core authentication.
Platforms supported / planned
Why we think CO-Auth makes sense...
SSO, SAML, OAuth, and OpenID excel at authentication, but they may lack post-authentication affirmation for sensitive actions. As a result, organizations often build additional verification methods like OTP and security questions to ensure comprehensive security beyond initial login.
Despite secure password policies, risks persist with shared screens and continuous logged-in sessions, especially in remote work. Organizations need to address these vulnerabilities to prevent unauthorized access effectively.
Separating authorization factors into distinct systems adds an extra layer of security. If core application passwords are compromised, this segregation helps mitigate the risk and provides additional protection.
Avoid re-implementing Two-Factor Authentication (2FA) for each system. Instead, use a centralized approach when you have multiple applications requiring 2FA. This streamlines implementation, enhances consistency, and simplifies management.
Emphasize best practices over just functional modules. Opt for widely adopted solutions and leave it to the experts to ensure robust security measures rather than reinventing the wheel.
Choosing a unified authorization module is ideal for a seamless user experience. However, with CO-Auth, you have the flexibility to cater to multiple faces.
Opt for a pluggable and configurable authentication module that allows you to switch authentication methods without rewriting the entire logic. For instance, enabling access to banking codes via a mobile app instead of SMS, email, or TOTP during international travel. This flexibility enhances user experience and security adaptation.
CO-Auth modules provide a blend of simplicity, modernity, and security. They can be utilized for various authentication methods, including QR Login or Whatsapp Login (beyond the memory recall password), ensuring a user-friendly yet secure authentication experience.
CO-Auth is a self funded open source work in extra time. Feel free to contribute with your knowledge by;
Doubts or questions that you might have
Co-Auth is created as an OSS. Fully Open Source! There is no enterprise version with added benefits.
Connect with me on Twitter @godwin_pinto or linkedin.com/in/pinto-godwin. I can direct you to
organization that can facilitate this.
However, there is no hard-and-fast rule. Any
software development company can facilitate with the knowledge of CO-Auth's tech stack. Refer documentation for more
details.
Feel free to connect with me on Twitter @godwin_pinto or linkedin.com/in/pinto-godwin, lets chat and see way forward.