SecurityDevelopersArchitectureAbout
Try Demo

GrayPass is a behavioral signature.

You are the password.

GrayPass verifies who you are by how you behave, not what you type.

Try Demo
< 0 msdecision latency
0-Dfeature vector
0raw biometrics stored
0 minfirst integration

Backed by Tinkerers:

1517 Fund
Boost VC
Rideau Hall Foundation
Ingenious+
What GrayPass does

Three steps. One identity. Zero passwords.

01

We pick up how you react.

A short challenge captures the timing of your reactions and the rhythm of your typing.

02

We turn it into a salted print.

Those signals collapse into a small, salted vector. The raw behavior never leaves the session.

03

We verify the next time it matches.

On every login we recompute the print and decide accept or deny in milliseconds.

What the numbers say
< 0 ms
Median decision time
0-D
Feature vector
0
Raw biometrics retained
0 min
Typical time to first call
Why this exists

Authentication that cannot be stolen.

Passwords get stolen. OTPs get intercepted. Fingerprints leak. We built an identity layer that refuses to be any of those.

Reaction timingmatch

Behavior-first security

We pick up the rhythm behind your reactions. Shoulder surfing, credential stuffing, and replay attacks have nothing to copy.

Salted, projected, stored

Privacy by design

Raw behavior never leaves the session. We store a salted print, encrypted at rest, with helper data on a rotation.

rotate seed

Cancelable templates

If anything ever leaks, we rotate the seed. Your identity stays. The template behind it is replaced in minutes.

187 msDecide

Sub-second decisions

Accept or deny in milliseconds, with calibrated confidence ready for your policy engine.

0104020503Shuffled, timed, signed

Replay-hard challenges

Server-driven schedules with jittered timing. Macros and remote-takeover tools fail the timing tests.

Inside the product

Inside GrayPass

Four short reads. Pick one and you will know what we built and why it matters.

clientfeaturessalteddecideEnd to end

Architecture

How a session moves from a calibration to a salted print to a decision, end to end.

Read more
Defense in depthencrypted · salted · rotatable

Security

Encryption at rest, salted prints, cancelable templates, and the things we deliberately never store.

Read more
// 3 calls. one identity.await gp.start(user)const sig = await gp.capture()const { ok, p } = await gp.verify(sig)Client SDK

Developers

Three calls to ship a passwordless login. The SDK does the heavy lifting in the browser.

Read more
PositioningIdentity without friction

About

Why GrayPass exists and what we think identity should feel like next.

Read more
Try it yourself

Two minutes. No hardware. No password to remember.

The full enrollment-and-login loop runs end to end in about two minutes. Here's what to expect.

01

Enroll

Switch to Enroll mode and pick a username. It can be anything we will remember it for you.

02

Camera (optional)

Turn on your webcam if you want gaze tracking. No camera works fine too the rest of the signals stand on their own.

03

Color test

You will see color words written in different colors. Click the bar that matches the actual color, not the word.

04

Typing test

Type a short phrase at your natural pace. We measure rhythm, not speed. Slower is fine.

05

Login

Switch to Login, type the same username, and run the tests once more. If your behavior matches, you are in.

Start Demo
Feedback

Tell us where the demo surprised you.

Two sentences are enough. We read almost everything and reply to most.

Build with GrayPass

Identity, finally invisible.

Get an API key in minutes. The SDK runs in the browser. Your stack doesn't have to change.

Try Demo