SecurityDevelopersArchitectureAbout
Try Demo

GrayPass is a behavioral signature.

You are the password.

GrayPass verifies who you are by how you behave, not what you type.

Try Demo
< 0 msdecision latency
0-Dfeature vector
0raw biometrics stored
0 minfirst integration

Backed by Tinkerers:

1517 Fund
Boost VC
ElevenLabs
Rideau Hall Foundation
Ingenious+
What GrayPass does

Three steps. One identity. Zero passwords.

01

We pick up how you react.

A short challenge captures the timing of your reactions and the rhythm of your typing.

02

We turn it into a salted print.

Those signals collapse into a small, salted vector. The raw behavior never leaves the session.

03

We verify the next time it matches.

On every login we recompute the print and decide accept or deny in milliseconds.

What the numbers say
< 0 ms
Median decision time
0-D
Feature vector
0
Raw biometrics retained
0 min
Typical time to first call
Why this exists

Authentication that cannot be stolen.

Passwords get stolen. OTPs get intercepted. Fingerprints leak. We built an identity layer that refuses to be any of those.

Reaction timingmatch

Behavior-first security

We pick up the rhythm behind your reactions. Shoulder surfing, credential stuffing, and replay attacks have nothing to copy.

Salted, projected, stored

Privacy by design

Raw behavior never leaves the session. We store a salted print, encrypted at rest, with helper data on a rotation.

rotate seed

Cancelable templates

If anything ever leaks, we rotate the seed. Your identity stays. The template behind it is replaced in minutes.

187 msDecide

Sub-second decisions

Accept or deny in milliseconds, with calibrated confidence ready for your policy engine.

0104020503Shuffled, timed, signed

Replay-hard challenges

Server-driven schedules with jittered timing. Macros and remote-takeover tools fail the timing tests.

Inside the product

Inside GrayPass

Four short reads. Pick one and you will know what we built and why it matters.

clientfeaturessalteddecideEnd to end

Architecture

How a session moves from a calibration to a salted print to a decision, end to end.

Read more
Defense in depthencrypted · salted · rotatable

Security

Encryption at rest, salted prints, cancelable templates, and the things we deliberately never store.

Read more
// 3 calls. one identity.await gp.start(user)const sig = await gp.capture()const { ok, p } = await gp.verify(sig)Client SDK

Developers

Three calls to ship a passwordless login. The SDK does the heavy lifting in the browser.

Read more
PositioningIdentity without friction

About

Why GrayPass exists and what we think identity should feel like next.

Read more
Try it yourself

Two minutes. No hardware. No password to remember.

The full enrollment-and-login loop runs end to end in about two minutes. Here's what to expect.

I

Enroll your Brainprint

A quick series of tests designed to mimic natural interactions with your device.

II

Camera (optional)

Turn on your webcam if you want gaze tracking. No camera works fine too the rest of the signals stand on their own.

III

Routine tasks

Follow tasks like everyday routine work — scrolling across the screen, looking around, typing, and clicking paths.

IV

Mock workspace & live trust

Drop into a mock workspace and "work" normally. Watch your Continuous Trust Score on the side with full GrayPass telemetry. Simulate a bot attack and see the score drop in real time.

V

Cross the trust threshold

Try logging into "trusted" surfaces like the dashboard or billing to feel how the Trust Score Threshold gates real actions.

Feedback

Tell us where the demo surprised you.

Two sentences are enough. We read almost everything and reply to most.

Build with GrayPass

Identity, finally invisible.

Get an API key in minutes. The SDK runs in the browser. Your stack doesn't have to change.

Try Demo