
Enhanced PIN Entry Security

Overview

Enhanced PIN Entry Security protects UnoLock PIN entry with a randomized keypad and mouse click-based input to ensure strong resistance to keyloggers. Available across all tiers (Free, Inheritance, Sovereign, and HighRisk), this feature safeguards your Safe by preventing malware from capturing the PIN while fitting into UnoLock’s broader access-key authentication model.

The important security distinction is that the PIN is not the primary authentication factor and is not the password that encrypts Safe data. UnoLock’s primary authentication model is WebAuthn-based access keys. The PIN is a separate control used to slow brute-force attempts and support PIN-based deniability and recovery-related behaviors.

How It Works

  • Randomized Keypad Generation: Each login session generates a unique keypad image with numbers 0-9 and letters A-F in randomized positions, preventing predictable input patterns.
  • Mouse Click-Based Input: Users enter their PIN by clicking keypad characters on-screen, bypassing keyboard input to nullify keylogger threats.
  • Server-Side Decoding: Clicked positions are sent to the server and decoded using the session’s randomized keypad layout, ensuring the PIN is never transmitted in cleartext.
  • Encrypted Transmission: Click data is transmitted via TLS 1.3-encrypted channels, protecting against interception during authentication.
  • Brute-Force Control: Protected PIN handling adds friction and rate limits around repeated access attempts, which is important in a WebAuthn-plus-client-side-encryption model.
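
The flow above can be sketched as follows. This is an added example, not UnoLock's code: it shows a per-session layout shuffled with a CSPRNG, clicked cell indices decoded server-side, single-use sessions, and a failure counter. The class and function names, the lockout threshold, the PBKDF2 verifier and the sample PIN are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SYMBOLS = "0123456789ABCDEF"   # keypad characters named on the page
MAX_FAILURES = 5               # assumed lockout threshold (not from the page)

def pin_verifier(pin, salt):
    """Salted, slow hash so the server never stores the PIN itself (assumed scheme)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class KeypadAuth:
    def __init__(self):
        self.layouts = {}    # session id -> symbols in cell order (server-side only)
        self.failures = {}   # account -> consecutive failed attempts

    def new_session(self):
        """Shuffle with a CSPRNG; the client gets only the id and a rendered image."""
        layout = list(SYMBOLS)
        secrets.SystemRandom().shuffle(layout)
        session_id = secrets.token_urlsafe(16)
        self.layouts[session_id] = layout
        return session_id, layout

    def verify(self, account, session_id, clicks, salt, stored):
        """Decode clicked cell indices with the session layout and check the PIN."""
        if self.failures.get(account, 0) >= MAX_FAILURES:
            return "locked"
        layout = self.layouts.pop(session_id, None)   # one use per layout: no replay
        if layout is None:
            return "invalid_session"
        if not clicks or any(type(c) is not int or not 0 <= c < 16 for c in clicks):
            return "invalid_input"
        pin = "".join(layout[c] for c in clicks)
        if hmac.compare_digest(pin_verifier(pin, salt), stored):
            self.failures.pop(account, None)
            return "ok"
        self.failures[account] = self.failures.get(account, 0) + 1
        return "rejected"

def clicks_for(pin, layout):
    """What the browser would send: cell indices, never the characters."""
    return [layout.index(ch) for ch in pin]

if __name__ == "__main__":
    auth, salt = KeypadAuth(), secrets.token_bytes(16)
    stored = pin_verifier("4F2A", salt)               # constructed sample PIN
    sid, layout = auth.new_session()
    print(auth.verify("alice", sid, clicks_for("4F2A", layout), salt, stored))
```

Because each layout is discarded on first use, a recorded set of click positions decodes to different characters, or to nothing at all, in any later session.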

Security Implications

  • Keylogger Neutralization: Mouse click input eliminates keyboard data, rendering keyloggers ineffective and safeguarding PINs from malware capture.
  • Dynamic Input Protection: Randomized keypad layouts per session prevent attackers from mapping inputs, enhancing authentication resilience.
  • Zero-Knowledge PIN Security: The PIN is never typed or stored in cleartext, with server-side decoding ensuring UnoLock cannot access it.
  • Non-Password Architecture: PIN protection exists alongside WebAuthn and client-side encryption; it does not replace them or act as the main cryptographic secret.

Use Cases

  • High-Risk Device Access: Users on public or compromised devices can authenticate securely, protected from keyloggers lurking in untrusted environments.
  • Corporate Vault Security: Businesses can ensure employee logins remain safe from malware, maintaining vault integrity in sensitive operations.
  • Privacy-First Authentication: Individuals can access their vault with confidence, knowing their PIN is shielded from cyber threats in any setting.

Why It Matters

Enhanced PIN Entry Security strengthens UnoLock login by blending keylogger protection with brute-force resistance. That matters because UnoLock does not rely on normal passwords for Safe access or for the main Safe encryption model.

FAQs

Can keyloggers capture my UnoLock PIN?

No, mouse click-based input on a randomized keypad ensures keyloggers cannot record your PIN, as no keystrokes are used.

Is the PIN the same as my Safe password?

No. UnoLock’s primary authentication model is WebAuthn-based access keys, not passwords. The PIN is a separate security control.

Is the randomized keypad difficult to use?

No, the visual keypad is designed for simplicity, allowing easy click-based entry while maintaining robust security.

How secure is the PIN during transmission?

Clicked positions are sent via TLS 1.3-encrypted channels and decoded server-side, ensuring the PIN remains protected from interception.

Compliance & Privacy Regulations

  • GDPR & HIPAA Compliance: Enhanced PIN Entry Security supports GDPR and HIPAA by preventing unauthorized access to authentication data, ensuring user privacy through encrypted, zero-knowledge PIN handling.

Integration with Other Features

  • FIDO2 Authentication with WebAuthn: Complements protected PIN entry by providing the primary phishing-resistant authentication model for Safe access.
  • Client-Side Encryption: Keeps Safe data encrypted independently of the PIN.
