Security FAQ

How is LaunchKey more secure than password-based systems?

No one is able to authenticate as you by figuring out something you know. LaunchKey is tied to your device so it is something that you must have. Any requests for authentication that are made by someone who isn't you will still appear as notifications on your device notifying you immediately. With passwords you have to trust the system that is keeping it to properly encrypt it and keep it away from unauthorized access. With LaunchKey you just have to know where your device is.

Is this two-factor authentication?

Absolutely. Two-factor authentication, also known as multi-factor authentication, requires the authenticating user present at least two of the three recognized authentication factors: a knowledge factor (something the user knows), a possession factor (something the user has), and an inherence factor (something the user is). LaunchKey uses physical authentication over unique linked smartphones or devices to satisfy the possession factor, PIN Code or Circle Code combined with a unique LaunchKey username satisfies the knowledge factor, and geographic data along with geofencing satisfies the inherence factor.

What happens if I lose my device?

If that was your only links device, you may remotely unlink via the Unlink Form. If you have another linked device, either sign in and view the Settings section inside the online dashboard or view the Devices section inside the LaunchKey Mobile Authenticator, and then click or tap the unlink button next to the appropriate device name. Follow the instructions to complete the unlink process.

After you recover your device or obtain a new one, you may relink your LaunchKey account.

What type of encryption does LaunchKey use?

LaunchKey uses public-key cryptography with signing and 256-bit AES encryption. The RSA keys are 4096-bit on the devices with v2 LaunchKey Mobile Authenticators.

Does LaunchKey use SSL?

LaunchKey forces the use of secure HTTPS connections on all services. We use HTTP Strict Transport Security (HSTS) to ensure browsers only interact with us over HTTPS, and we're on the HSTS preload list for Chrome. Additionally, we employ an ECDHE-RSA-RC4-SHA cipher with perfect forward secrecy (PFS) on all modern browsers and a Qualsys SSL "A" server rating.

User Contributed

LaunchKey links to user contributed code as a resource to its community. LaunchKey does not in any way guarantee or warrant the quality and security of these code bases. User contributed code is supported by the creators. If you do find a link from the site to user contributed code that is malicious or inappropriate in any way, please report that link to LaunchKey immediately and we will investigate the claim. Submit any issue to LaunchKey support at ×