SecurityDevelopersArchitecturePricingAbout
Try Demo

No morepasswords.

You are the password.

Your users prove who they are just by using your app, through the rhythm of how they type, move, and react. Nothing to steal, nothing to phish, nothing to remember.

Try Demo
< 0 msdecision speed
0-Ddimensions per print
0raw biometrics stored
0 minminutes to go live
Backed by
1517 Fund
Boost VC
Rideau Hall Foundation
Ingenious+
With angels from
Brex
DayDream Ventures

Watch yourself become a signature.

Move your cursor. Type a little. The line below is you, your rhythm drawn live and turned into a print only you could make. It never leaves your browser.

your signature · forming
in your browser
move your cursor across this space
runs locally · timings only · text never stored·

What GrayPass does

Three steps. One identity. Zero passwords.

  1. raw signal
    01/03
    01

    We pick up how you react.

    A short challenge captures the timing of your reactions and the rhythm of your typing.

  2. salted print
    02/03
    02

    We turn it into a salted print.

    Those signals collapse into a small, salted vector. The raw behavior never leaves the session.

  3. verified
    03/03
    03

    We verify the next time it matches.

    On every login we recompute the print and decide accept or deny in milliseconds.

Proof, measured live

0behavior samples read on this page

Numbers you can watch happen.

Not a spec sheet. These are live from your own browser right now: real latency from your connection, the dimensions inside every print, and the raw biometrics we never keep.

mslive
Round-trip from your browser · measuring now
0-D
Dimensions per print
0
Raw biometrics ever stored
0 min
From install to first print

Why this exists

Authentication that cannot be stolen.

Passwords get stolen. OTPs get intercepted. Fingerprints leak. We built an identity layer that refuses to be any of those.

Reaction timingmatch

Nothing to steal, nothing to phish

We verify the rhythm behind every interaction: how people type, move, and react. There's no secret to shoulder-surf, no credential to stuff, no recording to replay.

Salted, projected, stored

A breach gives attackers nothing

Raw behavior never leaves the session. We keep only a salted, encrypted print, so a leaked database hands attackers nothing they can use.

rotate seed

Leaked? Rotate in minutes

Unlike a face or fingerprint, this identity is revocable. If anything ever leaks, rotate the seed. Your users keep their identity, and the template behind it is replaced in minutes.

187 msDecide

Decisions in under 200ms

Accept or deny in milliseconds, with calibrated confidence your policy engine can act on instantly.

0104020503Shuffled, timed, signed

Bots fail the rhythm test

Server-driven, jittered challenges. Macros, scripts, and remote-takeover tools can't reproduce human timing, so they're turned away.

Try it yourself

Two minutes. No hardware. No password to remember.

The full enrollment-and-login loop runs end to end in about two minutes. Here's what to expect.

I

Enroll your Brainprint

A quick series of tests designed to mimic natural interactions with your device.

II

Camera (optional)

Turn on your webcam if you want gaze tracking. No camera works fine too. The rest of the signals stand on their own.

III

Routine tasks

Follow tasks like everyday routine work: scrolling across the screen, looking around, typing, and clicking paths.

IV

Work in a mock workspace

Drop into a mock workspace and work normally. Your pointer, keystrokes, and scroll stream into a live behavioral print, with full GrayPass telemetry on the side.

V

Unlock real actions

Open trusted surfaces like the dashboard or billing and feel how the way you move alone lets you through. No password, no code to type.

Pricing

Pay per session. Never per seat.

One session is one user's visit to your app. Flat $0.70 a session, no subscriptions, and packs never expire until you've used them.

Launch
$3,500
5,000 sessions · $0.70 each

Prove it on one product surface.

  • Continuous scoring on every page
  • Block · MFA handoff · support escalation
  • Sessions never expire until used
Buy LaunchMost popularGrowth
$14,000
20,000 sessions · $0.70 each

Roll out to your core user base.

  • Continuous scoring on every page
  • Block · MFA handoff · support escalation
  • Sessions never expire until used
Buy GrowthScale
$70,000
100,000 sessions · $0.70 each

Continuous auth across everything.

  • Continuous scoring on every page
  • Block · MFA handoff · support escalation
  • Sessions never expire until used
Buy Scale

Self-serve checkout · provisioned in minutes · need 100k+, on-prem, or a custom SLA? Talk to us

Inside the product

Inside GrayPass

Four short reads. Pick one and you will know what we built and why it matters.

clientfeaturessalteddecideEnd to end

Architecture

How a session moves from a calibration to a salted print to a decision, end to end.

Read more
Defense in depthencrypted · salted · rotatable

Security

Encryption at rest, salted prints, cancelable templates, and the things we deliberately never store.

Read more
// 3 calls. one identity.await gp.start(user)const sig = await gp.capture()const { ok, p } = await gp.verify(sig)Client SDK

Developers

Three calls to ship a passwordless login. The SDK does the heavy lifting in the browser.

Read more
PositioningIdentity without friction

About

Why GrayPass exists and what we think identity should feel like next.

Read more

Feedback

Tell us where the demo surprised you.

Two sentences are enough. We read almost everything and reply to most.

Build with GrayPass

Identity, finally invisible.

Drop in the SDK, get an API key in minutes, and let your users prove who they are just by being themselves. Nothing to reset, nothing to send, nothing left to breach.

Try Demo