gong.com
Seven in ten apps on your phone share your data with third parties. So your key never lives on it.
Your identity is one key, split across your devices — each holds just one piece of three. One piece unlocks nothing; it takes two to be you, and no single device ever holds two. Lose your phone, or fill it with spyware — you're still safe.
No password. Nothing to steal in one place. How it works →
Watch a real P-256 ECDSA signing ceremony run in your browser via WebAssembly — Shamir Secret Sharing splits your key across 3 devices, any 2 reconstruct it to sign. No passwords. No OAuth. No server ever sees your private key.
Lose a device? Lose nothing.
The fear that keeps people off crypto — gone.
Two of three: no single device can be you — and no single loss can stop you.
How it works
Three ideas. One ceremony.
Shamir Secret Sharing
Your identity key is split into 3 shares using Galois Field arithmetic. Any 2 shares reconstruct the key. 1 share alone reveals nothing — mathematically, not by policy.
P-256 ECDSA Ceremony
Two devices combine their shares, reconstruct the key, sign a server-issued challenge, then immediately discard the key. With a hardware key, signing happens inside the nRF54L15 MCU — the master key never leaves the chip.
Credential = Authorization
The signature IS the proof. No session lookup. No policy engine. No single point of compromise. Lose a device? Revoke its share, issue new ones — identity intact.
One key. Everywhere it matters.
The same possession-proven identity, every place a password fails.
Join the waitlist
Building agent identity infrastructure, SSH key management, or hardware-anchored auth? Get early API access.