CO-Auth: Your Guard after Authentication

Protect your sensitive transactions with CO-Auth's authorization modules.

Open Source and Free!!!

Companies using CO-Auth

Thank you for considering CO-Auth in your organization. We would be glad to have your organization logo listed as an adopter of CO-Auth.

About CO-Auth

With CO-Auth you can choose the authorization for your Web applications, Desktop GUI and Cloud Shell from a list of configurable options for your transactions (i.e. post authentication).
MFA / 2FA isn't part of Auth? :P. It's the extension step for verification i.e. authorization. With CO-Auth, plug them anywhere.

  • Time Based OTP (Work in progress)
  • Re-confirm (Work in progress)
  • QR Code scan (Coming soon)
  • Dynamic Access Codes (Coming soon)
  • Regular OTP (Coming soon)
  • Whatsapp Link verification (Coming soon)
  • Voice OTP (Coming soon)
  • Security questions (Coming soon)
  • App Based verification (Coming soon)

Why build your own authorizations / keep them updated when you can quickly leverage with CO-Auth. More importantly, you transactional authorization shouldn't be residing on the same system as your core authentication.

Platforms supported / planned

  • Web Applications (Work in progress)
  • Desktop / GUI (Windows / Ubuntu / Mac) (Coming soon)
  • Cloud Shell (Coming soon)

Our Philosophy

Why we think CO-Auth makes sense...

  • 01 Is SSO, SAML, Oauth, OpenID enough?

    SSO, SAML, OAuth, and OpenID excel at authentication, but they may lack post-authentication affirmation for sensitive actions. As a result, organizations often build additional verification methods like OTP and security questions to ensure comprehensive security beyond initial login.

  • Despite secure password policies, risks persist with shared screens and continuous logged-in sessions, especially in remote work. Organizations need to address these vulnerabilities to prevent unauthorized access effectively.

  • Separating authorization factors into distinct systems adds an extra layer of security. If core application passwords are compromised, this segregation helps mitigate the risk and provides additional protection.

  • Avoid re-implementing Two-Factor Authentication (2FA) for each system. Instead, use a centralized approach when you have multiple applications requiring 2FA. This streamlines implementation, enhances consistency, and simplifies management.

  • Emphasize best practices over just functional modules. Opt for widely adopted solutions and leave it to the experts to ensure robust security measures rather than reinventing the wheel.

  • Choosing a unified authorization module is ideal for a seamless user experience. However, with CO-Auth, you have the flexibility to cater to multiple faces.

  • Opt for a pluggable and configurable authentication module that allows you to switch authentication methods without rewriting the entire logic. For instance, enabling access to banking codes via a mobile app instead of SMS, email, or TOTP during international travel. This flexibility enhances user experience and security adaptation.

  • CO-Auth modules provide a blend of simplicity, modernity, and security. They can be utilized for various authentication methods, including QR Login or Whatsapp Login (beyond the memory recall password), ensuring a user-friendly yet secure authentication experience.


Frequently Asked Questions

Doubts or questions that you might have

  • Is there a paid / pro version?

    Co-Auth is created as an OSS. Fully Open Source! There is no enterprise version with added benefits.

  • Connect with me on Twitter @godwin_pinto or I can direct you to organization that can facilitate this.

    However, there is no hard-and-fast rule. Any software development company can facilitate with the knowledge of CO-Auth's tech stack. Refer documentation for more details.

  • Feel free to connect with me on Twitter @godwin_pinto or, lets chat and see way forward.