World-class security technology

Multifactor's research team has produced dozens of combined patents, publications, and open-source projects, in pursuit of our mission to “redefine zero-trust” for the modern web.

Our research has been featured in…

Washington PostForbesBloombergPoliticoVentureBeat
AND
OR
AND
AND
OR
AND

Fast, flexible, and usable security

We understand that good security solutions are user-centric, and that low-friction solutions are paramount to usable application security. MFKDF2 securely derives cryptographic keys from multiple authentication factors while achievinguser indistinguishability, meaning that applications become meaningfully harder to attack while users notice no difference at all.

MFKDF2 is fully backward compatible with existing, commonly used factors such as passwords, hardware tokens, and biometrics, ensuring that users don't have to learn new technologies and can continue to use factors they are familiar with.

Learn more

Simple enforcement of complex policies

Between juggling multiple compliance requirements, complex organizational policies, and the need to protect sensitive data, real-world applications demand robust enforcement of complex security policies.

Multifactor's “Switchboard” technology suite uniquely enables trustless enforcement across authentication, authorization, and auditing, transforming typically weak, software-defined enforcement into strong, cryptographically backed guarantees.

Learn more

Share resources effectively

Existing account sharing solutions are often irrevocable, untraceable, and backed by weak password-based cryptography. It's no wonder that major password management solutions have dozens of publicly confirmed data breaches!

Multifactor's “Checkpoint” technology uniquely enables online resources to be shared by multiple users in a way that is immediately revocable, non-repudiable, and fine-grained, without requiring any changes to the underlying application being shared.

Learn more

Publications

Exploring the Privacy Risks of Adversarial VR Game Design

Vivek Nair*, Gonzalo Munilla Garrido*, Dawn Song, and James F. O'Brien

  1. Preprint in arXiv, 2022.
    [view] [pdf] []
  2. Published in PoPETs, 2023.
    [view] [pdf] [video] [code] []

Multi-Factor Key Derivation Function (MFKDF) for Fast, Flexible, Secure, & Practical Key Management

Vivek Nair and Dawn Song

  1. Preprint in arXiv, 2023.
    [view] [pdf] []
  2. Published in USENIX Security, 2023.
    [view] [pdf] [video] [code] []
  3. Distinguished Artifact Award

Unique Identification of 50,000+ Virtual Reality Users from Head & Hand Motion Data

Vivek Nair, Wenbo Guo, Justus Mattern, Rui Wang, James F. O'Brien, Louis Rosenberg, and Dawn Song

  1. Preprint in arXiv, 2023.
    [view] [pdf] []
  2. Published in USENIX Security, 2023.
    [view] [pdf] [video] [code] []

Decentralizing Custodial Wallets with MFKDF

Vivek Nair and Dawn Song

  1. Preprint in arXiv, 2023.
    [view] [pdf] []
  2. Published in IEEE ICBC, 2023.
    [view] [code] []

Multi-Factor Credential Hashing for Asymmetric Brute-Force Attack Resistance

Vivek Nair and Dawn Song

  1. Preprint in arXiv, 2023.
    [view] [pdf] []
  2. Published in IEEE EuroS&P, 2023.
    [view] [code] []

Going Incognito in the Metaverse: Achieving Theoretically Optimal Privacy-Usability Tradeoffs in VR

Vivek Nair*, Gonzalo M. Garrido*, and Dawn Song

  1. Preprint in arXiv, 2023.
    [view] [pdf] []
  2. Published in ACM UIST, 2023.
    [view] [pdf] [video] [code] []
  3. Best Paper Award

Truth in Motion: The Unprecedented Risks and Opportunities of Extended Reality Motion Data

Vivek Nair, Louis Rosenberg, James F. O'Brien, and Dawn Song

  1. Preprint in arXiv, 2023.
    [view] [pdf] []
  2. Published in IEEE S&P, 2024.
    [view] [pdf] []

ProtoBlocks: Programming Language for Secure Implementation of Cryptographic Protocols

Vivek Nair, William Mullen, and Ethan Lee

  1. Preprint in EECS Technical Reports, 2023.
    [pdf] []

MFDPG: Multi-Factor Authenticated Password Management With Zero Stored Secrets

Vivek Nair and Dawn Song

  1. Preprint in arXiv, 2023.
    [view] [pdf] [code] []

“I Can’t Believe It’s Not Custodial!”: Usable Trustless Decentralized Key Management

Tanusree Sharma, Vivek C. Nair, Henry Wang, Yang Wang, and Dawn Song

  1. Published in ACM CHI, 2024.
    [view] [pdf] [video] [code] []

Inferring Private Personal Attributes of Virtual Reality Users

Vivek Nair, Christian Rack, Wenbo Guo, Rui Wang, Shuixian Li, Brandon Huang, Atticus Cull, James F. O'Brien, Marc Latoschik, and Louis Rosenberg

  1. Preprint in arXiv, 2023.
    [view] [pdf] []
  2. Published in IEEE VRW, 2024.
    [view] [code] []

Deep Motion Masking for Secure, Usable, and Scalable Real-Time Anonymization of Ecological Virtual Reality Motion Data

Vivek Nair, Wenbo Guo, James F. O'Brien, Louis Rosenberg, and Dawn Song

  1. Preprint in arXiv, 2024.
    [view] [pdf] []
  2. Published in IEEE VRW, 2024.
    [view] [code] []
Introducing Checkpoint: A Better Way to Share Online Accounts

Introducing Checkpoint: A Better Way to Share Online Accounts

2025-07-07

Checkpoint uses novel cryptographic techniques to enable easy revocable, non-repudiable, and fine-grained sharing of any online account resource.

Colin Roberts: Why I’m Excited About the Future of Multifactor

Colin Roberts: Why I’m Excited About the Future of Multifactor

2025-07-03

Colin Roberts, Co-Founder and CTO, shares his journey from pure mathematics to crypto-focused startups and now Multifactor, explaining why he's excited about the future of the company.

How to Choose Parameters for KDFs like Argon2, Bcrypt, Scrypt, PBKDF2, Balloon Hashing, & More (Part 1 of 2)

How to Choose Parameters for KDFs like Argon2, Bcrypt, Scrypt, PBKDF2, Balloon Hashing, & More (Part 1 of 2)

2025-06-25

A comprehensive guide and interactive tool for the delicate security decision of selecting the best parameters for hard KDFs like Argon2, Bcrypt, Scrypt, PBKDF2, and Balloon Hashing.