Truuth Biopass launches free MFA for up to 10,000 monthly active users

Mike Simpson
16th April, 2024 4 min read

Small and Medium Enterprises are often neglected when it comes to state-of-the-art cyber security solutions.  Service providers tend to focus on tier 1 clients who have deeper pockets and less tolerance for risk. Cyber security is a critical issue for businesses of all sizes, but small-to-medium-sized enterprises (SMEs) are particularly vulnerable to the threat with data showing that 43% of cyber-attacks target SMEs and that 60% of small businesses hit by a cyber-attack go out of business within six months.  Truuth is on a mission to protect organizations of all sizes from cyber attack. That’s why we’ve decided to offer Truuth Biopass free to all organizations with less than 10,000 Monthly Active Users.  This is not a trial or a limited time offer – it’s free for life!

The Problem

It seems that every day we’re confronted with new headlines of cyber attacks including data breaches, Account Takeover (ATO), and ransomware.  It’s not surprising that many organizations become resigned to the view that a cyber attack is inevitable, it’s just a matter of time.  The statistics back up this belief.  Research indicates that ATO attacks increased by more than 350% through 2023, and by more than 800% in the Fintech sector!  And cyber criminals are increasingly targeting SMEs with these attacks.  Unfortunately, most organizations are unprepared to detect and mitigate these attacks.

What is Account Takeover?

Account Takeover (ATO) occurs when a fraudster is able to gain access to someone’s account.  They can effectively pretend to be that person, meaning that anything the person does online using that account can be done by the hacker. The way a hacker uses your account can vary between exploiting it for financial benefit or using it as part of a longer-term campaign or strategic hack.  Once a hacker has access to your account, they can ask people for personal information, including login credentials, phone numbers, addresses, social security numbers, retirement account information, and other financial account details.

How does it happen?

A successful account takeover attack is typically executed using a few steps:

Step 1: Compromise the user’s credentials. People often use the same passwords for different accounts, as well as the same username, particularly if it is an email address. Hackers can use this to their advantage. Often, a hacking group will steal hundreds or thousands of passwords, and then another hacker can purchase that list and try those passwords to get into user accounts. In other situations, the attacker may get user credentials through a phishing attack.

Step 2: Test if the accounts work: Once an attacker has account credentials, the next step is to test them out to see if they work. Most hackers use bots that automatically test account credentials. This allows a hacker to try many sets of credentials on a variety of accounts simultaneously.

Step 3: Use or sell the credentials: As soon as a hacker knows that the credentials they have are legitimate, they will either use them for their own benefit or sell them to another hacker. Criminals on the black market are always ready to pay for a set of credentials. The amount a hacker can make varies depending on the type of account.  Privacy Affairs’ Dark Web Price Index study, which gathered data from dark web marketplaces, forums and websites, found:

  • Online banking login information costs an average of US$100
  • Full credit card details and associated data cost between US$10 and US$100
  • A full range of documents and account information that will allow identity theft can be purchased for about US$1,000

However, there are also examples where Personal Identifiable information is sold for less than US$0.01. 

Step 4: Access higher-value accounts:  Once a hacker has verified the validity of the credentials, they often use them to access a higher value account. An email account takeover, for example, can enable a hacker to request login credentials or change usernames and passwords for bank accounts.   

The Solution

Truuth Biopass is a risk-based passwordless authentication solution that delivers a step-change in authentication security and user experience.  Biopass is a multi-tenant and white-label SaaS solution that can be deployed in a matter of hours to protect user accounts from malicious activity.  Biopass is perfect for high-risk use cases where it’s critical to authenticate the right human and the right device.  Biopass is a simple plug in to existing Identity & Access Management (IAM) platforms such as Okta, Entra, Cognito, Ping, and Auth0.


Why Truuth Biopass?

Biopass offers the following distinctive benefits over competing solutions:


To mitigate the cybersecurity risks posed by generative AI, we believe it’s critical for organizations to transform their capabilities to detect identity attacks and Account Takeover at every stage of the user journey.  Truuth’s solutions verify the human behind the device for high-risk authentication events and we use a suite of AI models to detect identity fraud. These solutions detect more than 99% of fraudulent attacks.  And to protect SMEs across the globe we now offer Truuth Biopass free for clients with less than 10,000 Monthly Active Users.

If you would like more information, reach out to Truuth for a demo of our deep-fake detection and risk-based MFA solutions. 

Next article

Apply for Truuth Biopass launches free MFA for up to 10,000 monthly active users
Write to us with your resume at and we are more than happy to review your application.
Our Location
6/201 Kent Street,
Sydney NSW 2000
Contact us

Drop us a line and we will get back to you soon!