FAQ

Discover our FAQ topics and get answers to the most frequently asked questions.

Support

Token

inWebo Technology

Deviceless / Browser token

inWebo Infrastructure

Deployment

Security

Administration

inWebo Technology

How is inWebo MFA different from other solutions?
Thanks to our patented random dynamic key technology, MFA can be done without worrying about the security level of the user equipment. We therefore offer an extremely simple user experience.
Does your solution require upgrading my IS?
Since we have been around for more than 10 years, we have seen several generations of IS pass through. We are here to support you, whether you have an up-to-date infrastructure or not.
How does your solution improve the end-user experience?
Traditional MFA solutions are restrictive for the user (OTP to be retyped, need to have a specific equipment or a smartphone, impossible to connect when the token is lost/broken, etc).
inWebo erases all these flaws by offering a solution that is accessible on all the user's equipment with a simple use.
What are the HSMs used for in your data centers?
The HSMs handle all the sensitive operations of the service and protect users' account security data. HSMs ensure that no one can manipulate these operations, not even our own teams.
Is inWebo Authenticator for PC/Mac different from the mobile version?
No, it's exactly the same application, only you don't need a smartphone to use it.
Does inWebo's MFA still work if the smartphone is not connected to the internet?
Yes, smartphones can be in a spot without network coverage. Even under these conditions, the user will be able to generate inWebo OTPs with the same level of security.
Is inWebo passwordless?
Yes, inWebo is by nature passwordless: users simply enter a PIN code rather than a long, complex password that has to change regularly.
What is the user experience when using inWebo's SDK?
It's up to you. You can make the experience completely invisible for the user who will feel like he is logging in with a simple 4-digit code or, on the contrary, choose to enhance the security level of your application for your users by adding specific screens.
Why doesn't inWebo recommend conditional access for its MFA?
Conditional access is an approach that seeks to avoid requiring MFA under certain conditions. An attacker will always seek to put himself in a context that is convenient for him. Providing exceptions for MFA is a breach of security that an attacker will be able to take full advantage of.

For some MFA solutions, the user experience remains complex and could justify conditional access in order to simplify the login experience. It is certainly not the case for inWebo, which offers a natively flexible approach.

Our customers are free to set up conditional accesses but we believe that with an easy-to-use MFA it is worth having MFA requested whatever the circumstances. This way your users won't get lost when they are in one of the exceptional circumstances that requires MFA. In addition, you will reinforce or initiate a Zero trust approach within your organization.

inWebo Infrastructure

What are the specificities of the inWebo infrastructure?
Designed as a SaaS solution, inWebo's infrastructure exceeds the market's standards with 3 main pillars.

High availability: inWebo’s servers are spread over 3 datacenters with a synchronous replication and an automatic failover - in no time - providing an availability of 99,9% per year.

Agile scalability: inWebo's infrastructure guarantees agile and structural scalability, capable of handling large load peaks, even unexpected ones. By design, our servers have a 6x overcapacity compared to our current needs and can be reinforced very quickly and easily.

High level ofsecurity: Our HSM's have an unbreakable cryptographic core. No one can access or manipulate your sensitive data, not even our own teams or your administrators.

What about Digital Sovereignty? Where are inWebo’s datacenters located?
Digital Sovereignty is a key component of inWebo’s Security approach. Therefore, all our datacenters are private and located in France.

Security

Why is a PIN code more secure than a traditional password?
The PIN code never transits and is not stored. It cannot be intercepted or copied. It is of no use without the trusted equipment.
On the other hand, a password is transmitted at each authentication and is generally stored on the user's workstation and/or the server: it can be intercepted or stolen and then reused on an access protected only by password.
Is SaaS as secure as my own infrastructure?
We designed the solution to be SaaS. This means that our data centres have synchronous replication and automatic failover to guarantee service availability. Our platform is multi-tenant and HSMs perform all sensitive operations to guarantee you a tamper-proof environment.
We offer an availability of 99.9% per year, i.e. less than 4 hours of downtime per year.
Does inWebo protect against phishing and man in the middle?
Yes, we even protect against advanced phishing attacks by preventing the user from authenticating on a website that is not legitimate.

Deviceless / Smartphoneless / Browser Token

What is Deviceless? or "browser" token?

Deviceless offers the user the ability to strongly authenticate himself without needing to have a specific equipment (smartphone, smart card, usb key, etc.).
Check out our article on the Deviceless MFA technology.

What does this technology bring to multifactor authentication?
Thanks to our browser token (Deviceless MFA), authentication can be done directly in the users' browser without the need to install a mobile application or PC/Mac.

Token

Do I need special equipment? What are the authentication methods?
inWebo MFA solution provides a wide choice of authentication methods (Mobile Application, Desktop Application, Browser) that shall be used in combination with an application password, a PIN code or a biometric factor.
How many devices can a user have?

The administrator configures how many trusted devices users can have. This way the user won't be unable to log in if he has forgotten or lost his smartphone.

Is it necessary to give a phone number?
No, our technology does not require sending a text message.
What happens if a user loses his trusted device?
If he has other trusted equipment available, he can connect with or use it to declare new trusted equipment.
An administrator or helpdesk agent can also help a user define another Trusted Equipment in seconds.
Do we need a smartphone?
Not necessarily, you can also use our PC/Mac Authenticator or simply use your browser as a trusted device. Check out the "Deviceless" topic in the FAQ to learn more about this technology.

Deployment

How do we deploy inWebo's MFA solution?
Our solution is SaaS-based and does therefore require very little effort to install. The only bricks to install are: a provisioning tool for accounts provided by inWebo and potentially a specific connector when the application to protect is not compatible with our connectors.
Can the solution be used in B2C apps?
We provide web and mobile SDKs for consumer projects that want to embed MFA without disrupting the user experience.

Administration

inWebo provides a specific website with practical tools and guides to facilitate (even more) the integration of our multi-factor authentication solution to your applications.
Documentation and tools

Documentation

Documentation and tutorials to guide you in integrating inWebo Multifactor Authentication (MFA) into your architecture.

Integrator kit

Resource files and sample code to integrate the InWebo Web Services API in your desired language..

Support

You need technical support and can't find the answer to your question in the FAQ? Contact your corporate support.

How to create your inWebo account?
You can't create a profile inWeboyourself and associate it with your accounts - it's up to the organizations managing those accounts to do that for you. For example, your company creates a profile for you to access your business applications, and your bank allows you to authenticate to its online banking application.
Where can I find my access codes?

The organization that creates your profile will provide you with an activation code. This can be a numeric code or a clickable link in an email sent by your organization.inWebo does not have access to this information.

I haven't received an access code, what should I do?
If you haven't received an activation code or email, first check your junk mail (spam) folder. If you still can't find it, you should contact the organization that created your profile inWebodirectly. This can be the IT support team, a customer support hotline or other depending on the organization.
I cannot login

If you can no longer access your inWebo account, you must contact the organization that created your profile directly. Please do not contact us for this, we are unfortunately unable to respond to support inquiries.

Get in touch