Identity
Challenge Card
Iranian Stryker attack exposes device-dependent MFA vulnerability. Deviceless MFA authentication closes every exception. It verifies the human not the device.
- 100% workforce coverage
- 100% of the Time
- Cost 75% less than current MFA
| # | A | B | C | D | E |
|---|---|---|---|---|---|
| 1 | INSTALL POWDER | GARDEN BRIDGE | MARBLE SILVER | ROCKET WINDOW | GUITAR CASTLE |
| 2 | PLANET ANCHOR | TURTLE FOREST | BASKET TEMPLE | VELVET PIRATE | COTTON DRAGON |
| 3 | CANYON MAGNET | PUZZLE ORANGE | VIOLET BEACON | COPPER JUNGLE | CARPET MONKEY |
| 4 | HARBOR KNIGHT | VISION QUARTZ | JASPER WILLOW | SUMMIT STREAM | PARROT FABRIC |
| 5 | MEADOW COBALT | FABRIC SPHINX | FALCON BINARY | ORCHID PRISM | LANTERN OXYGEN |
Protecting the world's workforce since 1997
Device-Dependent MFA
Can't Protect Workers
Who Don't Have a Device
Modern MFA has a blind spot. It assumes every worker has a managed device — and frontline workers often don't. No enrollment. No MFA. No real protection. That isn't a coverage gap; it's a design flaw that only Deviceless MFA can close.1,2,3
0%
of the global workforce is deskless
No device. No enrollment. No Conditional Access signal. Device-bound MFA can't reach them. Deviceless MFA can.
0
Industries
0–0%
Device MFA reach
The Identity Challenge Card is Deviceless MFA.
A physical, air-gapped authentication factor — no phone, no laptop, no app, no network. The authenticator isthe card, not the device. That's what makes it deviceless: 100% workforce coverage, including the 70–95% your MDM will never touch.
For CFOs: every unprotected frontline worker is an uninsured breach vector. Deviceless MFA is how the math changes.
Sources
- [1] Emergence Capital — The State of Technology for Deskless Workers (2020)
- [2] BCG — Making Work Work Better for Deskless Workers (Dec 2022)
- [3] Gartner — 75% of new mobile initiatives target frontline workers
- [4] Fortune — 2025 Fortune 500 List (June 2025)
The Iranian Handala
Stryker Attack Is
Why Deviceless MFA Exists.
When Stryker's device-bound MFA went down during the Handala intrusion, recovery got slower, more expensive, and more dangerous. The Identity Challenge Card is Deviceless MFA— workforce verification restored in one day, without devices, connectivity, or help desk bottlenecks. That's the difference between an incident and a catastrophe.
Device-Dependent MFA vs
Deviceless Authentication
Device-Dependent MFA
Identity Challenge Card
With this fallback identity layer, Stryker's rebuild would have been days, not weeks.
Three Factors. Zero Device Dependency.
Each authentication combines three independent factors — none of which require a phone, an app, or a network connection. That's what makes it Deviceless MFA.
Challenge Card Factor
A randomized grid response unique to each card. The system asks for a coordinate — only the person holding the physical card can answer. It's the factor that makes the card deviceless.
Private Knowledge Factor
A secure PIN known only to the user. Even if someone finds the card, they cannot authenticate without this second piece.
Identity Anchor Factor
An employee ID or account number that binds the challenge to a specific person — closing the loop between card, knowledge, and identity.
See Deviceless Authentication. Try It.
Understand It in 60 Seconds.
Self Enrollment or Auto Enroll Everyone at Once.
See the full Deviceless MFA enrollment flow from start to finish — a user receives their card, a temporary pin, and completes their first identity challenge. One day. Every worker. No devices.
This is
Deviceless MFA.
Try it.→
A simple idea: a physical, air-gapped authenticator that keeps working when everything device-bound fails. No phone. No app. No network. That's Deviceless MFA.
No phone required
No app required
No network required
Works when device MFA fails
Deploys in one day
Zero help-desk bottleneck
| # | A | B | C | D | E |
|---|---|---|---|---|---|
| 1 | INSTALL POWDER | GARDEN BRIDGE | MARBLE SILVER | ROCKET WINDOW | GUITAR CASTLE |
| 2 | PLANET ANCHOR | TURTLE FOREST | BASKET TEMPLE | VELVET PIRATE | COTTON DRAGON |
| 3 | CANYON MAGNET | PUZZLE ORANGE | VIOLET BEACON | COPPER JUNGLE | CARPET MONKEY |
| 4 | HARBOR KNIGHT | VISION QUARTZ | JASPER WILLOW | SUMMIT STREAM | PARROT FABRIC |
| 5 | MEADOW COBALT | FABRIC SPHINX | FALCON BINARY | ORCHID PRISM | LANTERN OXYGEN |
Coordinate C2 — TOP word
Your PIN 1234
Employee ID EMP-48291
How Three-Factor Works
· Challenge Card Factor — Find the coordinate (e.g., A1, B3) and enter the TOP or BOTTOM word
· Private Knowledge Factor — Read your 4-digit PIN, then enter it in the PIN field
· Identity Anchor Factor — Your Employee ID is verified automatically
· Both factors required — The word and PIN must both be correct to gain access
· New challenge — Click 'New Game' to randomize a fresh coordinate and PIN
The Business Value of
Deviceless MFA Mapped to Who's Buying
Every persona has different success criteria. See the outcomes that matter to your role — from closing audit gaps to defining a new market category.
Auditors expect 100% MFA coverage — but device-dependent solutions leave 80% of your workforce unprotected. The Identity Challenge Card eliminates every exception. Deviceless MFA is how you get to 100% with no asterisks.
Eliminate the 80% MFA Gap with Deviceless MFA
Most MFA mandates require all users — but device-based solutions exclude factory floors, shared workstations, field staff, and contractors. The Challenge Card closes every exception, giving auditors complete coverage evidence with no asterisks.
Resist Push Fatigue & Real-Time Phishing
Air-gapped authentication eliminates push-notification hijacking, SIM-swap, and real-time phishing attacks that defeat SMS and TOTP. The challenge/response is offline and unreplayable — no interception vector exists.
Maintain Audit-Ability & Policy Enforcement
Card issuance, expiration, re-enrollment, and revocation are all logged and policy-enforced. Admins set expiry windows; users receive automated reminders. Every access event is traceable — no gaps in the audit trail.
Ready to close your compliance gaps with Deviceless MFA?
See how the Identity Challenge Card — Deviceless MFA — satisfies auditors and protects every worker in days, not months.
Built for Global Workforces
Challenge cards available in 29 languages for multilingual deployment across global workforces and customer-facing support environments.
Deviceless MFA, Trusted in Regulated Environments
The Identity Challenge Card is Deviceless MFA engineered for regulated workloads: zero PII on the card, full lifecycle auditability, and an architecture that satisfies NIST 800-63B, SOC 2, PCI-DSS v4, and ISO 27001 on the first audit pass.
Privacy by Architecture
No PII on the card — nothing to breach
- Zero personal information stored on the physical card
- No name, no ID number, no user mapping printed or encoded
- A lost card cannot be exploited without the separate PIN
- Nothing to disclose under breach notification requirements
- Deviceless MFA: privacy by design, not privacy by policy
Full Lifecycle Controls
Every card event is logged and policy-enforced
- Card issuance, expiration, and revocation are fully auditable
- Admin-configurable expiry windows with automated reminders
- Service Desk use auto-expires the card immediately after use
- Re-enrollment flows enforce policy before issuing replacements
- Complete audit trail — every access event is traceable
Phishing-Resistant by Design
Air-gapped Deviceless MFA with no interception vector
- Eliminates push-notification hijacking and SIM-swap attacks
- Challenge/response is offline and unreplayable
- No network dependency means no man-in-the-middle attack surface
- Meets CISA phishing-resistant MFA guidance (EO 14028)
- Satisfies NIST 800-63B verifier impersonation resistance
Frequently Asked Questions
Everything you need to evaluate Deviceless MFA — by role, by risk, by question asked in the last procurement review.
Security posture & attack surface
What exactly is Deviceless MFA — and how is the Identity Challenge Card different from every other MFA?
Is a printed card actually secure? A lost card means a compromised credential.
We already have MFA. Why does our existing solution leave a documented gap?
How does this meet CMMC, HIPAA, PCI-DSS, and GDPR requirements?
What happens during an active cyberattack when identity systems are down?
Can push bombing or replay attacks work against this?
See Where Deviceless MFA
Fits in Your Environment
No commitment · 30-min Deviceless MFA walkthrough · same-day response
Talk to the team behind the Identity Challenge Card — the first production Deviceless MFA.
