Anton Minin Baranovskii for Toqen.app


🚀 Toqen Mobile: access in 2 steps

Your phone is already your access key

Your smartphone is almost always within reach.

To sign in to any service, you just tap Sign in and confirm access on your phone.

It does not matter whether you had access before.

Access is granted instantly, and the service determines what data is required for further interaction.

Wherever you are — laptop, shared computer, TV, or any other screen — everything comes down to two actions:

Scan → Confirm

No extra steps.

No manual input.

One app — Toqen — becomes your universal access key.


📱 How it looks

QR scanning

The user opens the app and scans a QR code from the screen.

If the camera is unavailable, a code can be entered manually.


Access confirmation

The app displays:

  • service
  • login context
  • request expiration

All that remains is to confirm.


Access hub

All access entries are stored in one place:

  • active
  • archived
  • usage history

This is a single point of access control.


Services list

Select a service → tap Sign in → confirm access.


🔐 How it works under the hood

Each login is not a data transfer — it is an access confirmation.

scan QR
↓
challenge
↓
sign (device_private_key)
↓
verify on server
↓
access granted

What matters:

  • the QR contains only a temporary challenge
  • each request is single-use
  • the signature is created on the device
  • the server verifies it using the public key


🔑 Keys and security

The app uses a standard cryptographic model:

  • a key pair is generated (public / private)
  • the private key is stored in secure device storage
  • the public key is registered on the server
  • each login is a signed challenge
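
The flow above (temporary single-use challenge, on-device signature, server-side verification with the registered public key), sketched as an added example that is not Toqen's code. Ed25519, the 60-second lifetime, the signed field set and every function and variable name are assumptions.

```javascript
// Added illustration, not Toqen's code. Ed25519, field names and the TTL are assumptions.
const crypto = require("node:crypto");

const CHALLENGE_TTL_MS = 60_000;   // assumed request lifetime
const pending = new Map();         // challengeId -> { nonce, service, expiresAt }
const registeredKeys = new Map();  // deviceId -> public key registered at enrolment

// Server: create the temporary challenge that the QR code carries.
function issueChallenge(service, now = Date.now()) {
  const id = crypto.randomUUID();
  const nonce = crypto.randomBytes(32).toString("base64url");
  const expiresAt = now + CHALLENGE_TTL_MS;
  pending.set(id, { nonce, service, expiresAt });
  return { id, nonce, service, expiresAt };
}

// Bytes that get signed. Binding service and expiry means a signature made
// for one request cannot be accepted for a different one.
function signedPayload(c) {
  return Buffer.from(JSON.stringify([c.id, c.nonce, c.service, c.expiresAt]));
}

// Device: after local user verification, sign with the device-held private key.
function deviceSign(challenge, privateKey) {
  return crypto.sign(null, signedPayload(challenge), privateKey);
}

// Server: enforce single use and expiry, then verify with the registered public key.
function verifyLogin(deviceId, challengeId, signature, now = Date.now()) {
  const stored = pending.get(challengeId);
  if (!stored) return "unknown-or-used";
  pending.delete(challengeId);     // consume first so a challenge is never tried twice
  if (now > stored.expiresAt) return "expired";
  const publicKey = registeredKeys.get(deviceId);
  if (!publicKey) return "unknown-device";
  const payload = signedPayload({ id: challengeId, ...stored });
  return crypto.verify(null, payload, publicKey, signature) ? "granted" : "bad-signature";
}

// Constructed enrolment: key pair generated on the device, public half registered.
const device = crypto.generateKeyPairSync("ed25519");
registeredKeys.set("device-1", device.publicKey);
```

The server rebuilds the signed bytes from its own stored record rather than from anything the client sends, so a response signed over altered service or expiry values fails verification.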

📌 Biometrics and device protection

Biometrics act as a local protection layer:

  • Face ID / Touch ID / Android Biometrics
  • device PIN
  • protected access to keys

In practice:

The device verifies the user locally and then signs the request.


📎 Where passkeys fit in

It is important to be precise here:

Toqen follows the same core model as passkeys:

  • device-bound keys
  • challenge-response
  • no secret transmission

At the same time:

👉 passkeys are defined by standards like WebAuthn / FIDO2
👉 Toqen is an architecture that also supports QR-based flows and external screens

A correct way to describe it:

The architecture aligns with passkey principles and device-bound authentication.


⚡ Why it is faster

Typical login:

  • enter username
  • enter password
  • confirm
  • recover if forgotten

Here:

2 actions

Scan → Confirm


📲 Availability

The app is available on Google Play in closed testing.

Join via form

Feedback

Direct access

Open to feedback and discussion.
