FAQ List - Security and Infrastructure

HYPR fixes the way the world logs in. HYPR’s True Passwordless multi-factor authentication (PMFA) platform eliminates the traditional trade-off between uncompromising assurance and a consumer-grade experience so that organizations decrease risk, improve user experience and lower operational costs.

Performance and Capabilities

How many transactions per second can HYPR handle?

HYPR scales to thousands of transactions per second. The system is horizontally scalable and handles high throughput of transactions to fit customer needs.

How does Offline Mode with HYPR work?

HYPR uses a decentralized PIN to enable offline mode. This is a pattern unique to HYPR that does not rely on a shared secret model that is centrally stored and vulnerable to attacks.

How does a user gain access when they lose their paired device?

Users can go through their organization’s account recovery protocol or be issued a temporary decentralized PIN until they pair a new device with their account.

What is HYPR's product support schedule?

HYPR provides maximum support for at least the three prior versions of the product, which is actively tested on widely used builds of mobile and workstation operating systems and devices. Product updates and releases are available every six weeks, and patches are made available as needed. Alternatively, customers can opt to receive new versions on the Long-term Support (LTS) plan, which releases quarterly.

What is the availability of HYPR?

The HYPR Cloud Platform is architected to ensure 99.99% availability. HYPR provides cloud-native deployments that support high availability and is a globally distributed platform.

Does HYPR provide 24x7 support year-round?

HYPR provides a wide range of support services to cater to your specific business needs. Options include:

  • Standard Support
    Includes business-hours coverage, access to the HYPR support portal, standard troubleshooting and technical assistance.
  • Premium Support
    Provides enhanced support including 24/7 coverage, with priority web and phone support, as well as technical and engineering support to ensure successful deployments and operation of HYPR solutions.
  • Premium Support Plus
    Provides elevated support beyond Premium Support including a dedicated Customer Success Manager to provide advocacy and insights as a trusted advisor.
  • Technical Account Manager
    TAM is HYPR’s highest level of support, which provides customers with a dedicated Technical Account Manager who works closely with you to ensure best practice guidelines are utilized for effective deployment and operation of HYPR solutions.

For more info on our support services visit www.hypr.com/support.

Does HYPR Desktop MFA support Windows 10?

HYPR provides secure passwordless login to all Windows 10 devices.

The HYPR Workforce Access Client for Windows is designed to ensure each employee has a convenient, more productive, and secure experience accessing Windows workstations. Once deployed, employees can unlock their Windows workstations utilizing their mobile devices. HYPR provides a True Passwordless FIDO Certified architecture to ensure this experience is fully interoperable with your environment.

Watch this video to learn more about HYPR Windows 10 Support.

See also Supported Platforms.

What are the camera requirements for using face authentication?

To use Face Authentication with HYPR, we recommend the following:

  • The minimum recommended camera resolution is 480x720
  • Your face should be at least 128 pixels from edge to edge

How do I enable auditing, logging, and/or application monitoring?

The Audit Trail is designed to help admins discover if and when issues occur during registration, authentication, or transaction. HYPR captures this user activity data and provides access to it in a simple, easy-to-use interface. This lowers troubleshooting time and personnel resources, so that the issue can be identified and remedied quickly.

Learn more about the Audit Trail.

Does HYPR Support OTP apps and hardware tokens?

HYPR does not support OTP applications or hardware tokens such as RSA SecurID or Symantec VIP.

Most OTP methods are inherently insecure, as they rely on passwords and shared secrets, leaving users susceptible to password spraying and MITM attacks.

The HYPR Cloud platform enables customers to move away from shared secrets by leveraging secure public-key encryption for customer and workforce applications.

Integrations and Standards

Does HYPR use FIDO and FIDO2?

HYPR is certified in FIDO2, UAF, and U2F standards. We implement FIDO to be easily adoptable and scalable. Learn more from our whitepaper on how Not All FIDO Is the Same.

Learn more about HYPR FIDO.

Look up FIDO product certifications; search for HYPR on the FIDO Alliance Website.

See How does HYPR support FIDO and FIDO2? for a more comprehensive description, including Known Issues.

Does HYPR support YubiKeys and other FIDO-based security keys?

Yes, HYPR supports YubiKeys and other FIDO hardware tokens. HYPR is FIDO® Certified end-to-end, making it fully interoperable with FIDO2 and U2F Certified roaming devices for passwordless or second factor authentication. These include iOS and Android mobile phones, smart cards, and platform authenticators (i.e., Windows Hello and Touch ID on Apple MacBook Pro machines).

To learn more, watch the HYPR YubiKey FIDO2 Passwordless Web Authentication demo.

HYPR also supports CTAP

HYPR supports CTAP through certification with the FIDO Alliance's FIDO2 open standard. HYPR is FIDO Certified end-to-end.

The FIDO Alliance’s Client to Authenticator Protocols (CTAP1, CTAP2) specifications complement the W3C’s WebAuthn Protocol, and together these protocols enable a true passwordless experience. CTAP2 enables mobile phones and FIDO security tokens to interface with FIDO2 web browsers and operating systems over USB, NFC, or BLE. Together these deliver 2FA, MFA, or passwordless authentication. CTAP1 (formerly FIDO U2F) enables existing FIDO U2F security keys and wearables for authentication on FIDO2 browsers and operating systems over USB, NFC, or BLE, but only for 2FA.

See How does HYPR support FIDO and FIDO2? for a more comprehensive description, including Known Issues.

What identity providers (IdPs) does HYPR support?

Okta, Azure AD, ForgeRock, Ping Identity, FusionAuth, and any SSO provider that supports SAML or OIDC standards. See the full list.

What federation frameworks does HYPR support?

HYPR supports SAML, OAuth2, and OIDC. Learn more about how HYPR extends federation support.

Does HYPR work with G-Suite or Office 365?

Yes. You can use HYPR with G-Suite or O365 via SAML.

Does HYPR work with endpoint antivirus software?

At installation, HYPR performs a diagnostic of endpoint software that may cause conflict. 

Windows Defender recognizes HYPR as a trusted binary. In certain cases, some antivirus software may prevent HYPR DLL files and services from executing. In this case, you need to whitelist them.

Please ensure the following files are whitelisted in your antivirus and/or endpoint protection:

  • HYPR Service
    • HYPR Workforce Unlock Service : HyprOneService.exe
  • HYPR DLL
    • HyprCredProvider.dll
    • Hypr.Lib.Unlock.dll

Logging and Monitoring

With which SIEMs does HYPR integrate?

HYPR integrates with any SIEM tool such as Splunk, Graylog, Exabeam, ELK, and more. The platform also supports the ability to create Intelligent Extensions and Event Hooks that can provide further integration with any SIEM product that customers may have.

Does HYPR provide an Audit Trail? What information is logged and stored?

HYPR is designed to help administrators quickly troubleshoot when issues may occur during registration, authentication, transaction, and de-registration. The Audit Trail and Analytics Dashboard functionality provide data that can be used for compliance as well as helpdesk purposes. This includes information on user devices for mobile and workstations, as well as any errors that may have occurred within the platform. For a more custom experience, DataDog and Splunk integrations allow Event Hooks to collect additional information.

Data Management

How does HYPR encrypt data?

Any data that is security relevant is encrypted using AES-256 encryption at rest. The encryption is done at the persistence layer within the application software.

How does HYPR store data?

HYPR stores data in a relational database where necessary fields are encrypted.

How does HYPR provide segregation of tenant data?

Each tenant's data is stored in a separate database schema in order to ensure separation of concerns for tenant information. This capability enables HYPR to easily delete, back up and restore data in the event that it’s necessary.

What type of data is collected, and what PII (personally identifiable information) does HYPR store?

HYPR primarily stores public keys, which are not considered PII. HYPR also stores usernames, and emails when they are used as usernames, which are encrypted in the relational database.

Who has access to the data?

Control Center administrators have UI access, and database administrators have direct access to the data.

Who has access to data centers, and how long is data kept?

Only HYPR staff with proper security clearance have access to data centers. This access is regularly re-visited as part of the corporate security policy.

What kind of databases does HYPR support?

HYPR supports MySQL and JDBC-compliant databases for at-rest storage. HYPR also leverages caching technologies which store temporary session data that does not require persistence.

What infrastructure is required for HYPR?

HYPR is hosted for customers on AWS. For HYPR Passwordless, Active Directory Certificate Services (AD CS) are required to enable True Passwordless Desktop MFA.

Security and Privacy Certifications and Compliance

Is HYPR SOC 2 Certified?

Yes. HYPR has certified its systems to SOC 2 Type II through an AICPA-accredited independent auditor who has assessed the operational and security processes of our service and our company.

Is HYPR ISO Certified?

Yes. A-LIGN, an ANAB-accredited auditor, has certified that HYPR meets the standards for ISO 27001. This validates that HYPR has met rigorous international standards in ensuring the confidentiality, integrity, and availability of customers’ information.

In addition, HYPR is certified for ISO 27017 and ISO 27018, which provide additional information security and data privacy controls for cloud service providers to protect personally identifiable information (PII) and reduce security risk in a cloud-based environment.

Does HYPR support SSL Pinning?

Yes. HYPR supports SSL Pinning for organizations that have it as a security requirement. SSL Pinning enhances the security of the overall HYPR ecosystem and prevents MITM (Man-In-The-Middle) attacks. 

Read Documentation about SSL Pinning in HYPR

What security testing has been performed on both the HYPR Mobile App and the Control Center servers that are used? Who performs this testing?

HYPR follows a strict SDLC program and does both third-party and internal penetration tests and security reviews on all components, including mobile applications and server-side software.

Does HYPR adhere to OWASP Top Ten?

HYPR follows the OWASP Top 10 awareness document for web application security. HYPR also adheres to OWASP's Application Security Verification Standard (ASVS).

How often do you pen test your product and office?

HYPR externally pen tests the product bi-annually, and continually does internal pen tests for releases.

HYPR's office is located in a 24-hour guarded building that has security systems and cameras in place. As standard operating procedure and as a matter of company policy, these systems are all required to be online, monitored, and tested.

Are you NIST 800-63B compliant?

HYPR is focused on reducing the burden on the implementation of Authenticator Assurance Level (AAL) 3. HYPR’s solution enables businesses to be compliant regarding AAL3 which, according to NIST 800-63B "provides very high confidence that the claimant controls authenticator(s) bound to the subscriber's account."

Does HYPR support the California Consumer Privacy Act (CCPA)?

HYPR addresses the ‘right to deletion’ as part of the CCPA. The HYPR Administrator can remove the user from specific HYPR applications with which they were registered upon request.

Does HYPR address General Data Protection Regulation (EU GDPR)?

HYPR addresses the GDPR ‘right of access’ to personal data and the ‘right to erasure’. Upon request, administrators can supply personal data and/or remove user data.

What is the difference between a HYPR Administrator and a HYPR User?

  • HYPR Admins are the people who initiate HYPR for others at work or for those who create an account on an online service. They work for the enterprise or the online service.
  • HYPR Users are the people at work who use HYPR to unlock their workstation and log into company resources, and they are also people who use consumer apps (e.g., mobile or desktop banking apps) that are powered by HYPR.

 

All HYPR Certifications

