Software:KeyAuth
Image: KeyAuth Dashboard on the website

| Original author(s) | William Nelson |
|---|---|
| Developer(s) | Nelson Cybersecurity LLC |
| Initial release | November 26, 2020 |
| Repository | github |
| Written in | PHP |
| Operating system | Linux, macOS, Windows, Android, iOS |
| Available in | 1 language (English) |
| License | Website: AGPL-3.0-only[1]; SDKs: MIT License[2] |
| Website | https://keyauth.cc |

KeyAuth is a freemium open-source authentication service aimed at mitigating digital piracy. The platform offers several SDKs for various programming languages such as C#[3], C++[4], Python[5], Java[6], JavaScript[7], PHP[8], Lua, and Go.[9] KeyAuth provides a free cloud-hosted service[10] as well as the ability to self-host.[11]
KeyAuth is primarily used through its website[10]; a mobile app for Android is also available.[12]
Features
Overall security
- Open-source codebase[11]
- SHA1 hashing of email addresses[13], i.e. KeyAuth can't view customer email
- 2FA Login
- WebAuthn login with security keys[14]
Other
- License key management
- User management
- Chat channels, allow your users to communicate amongst each other
- Webhooks, ability to send requests to an API from an SDK without leaking the URL
- File download, ability to download files in the SDK without leaking the download URL
- Global variables, store strings on server behind authentication
- User variables, store a string unique to each user on server behind authentication
- Logging, collect events on the server or forward them to a Discord webhook
- Blacklist IP addresses or Hardware IDs from utilizing your software
- Deny access to your software from IP addresses originating from VPNs
- Customer panel, allow your users to view their user data on a website and reset their Hardware ID bound to their account
- Create sub-accounts to allow other people to manage your software
- Reseller system so you can allow people to buy license keys to your software and have the ability to manage those license keys from the website
- Web loader, allow your users to log in to your software from the website and interact with the software from the website[15]
History
KeyAuth was founded on November 26, 2020 by Nelson Cybersecurity LLC. The founder, William Nelson, was at first skeptical about open-source software and released KeyAuth as proprietary software.
After looking further into open source, learning the security benefit of having more eyes inspecting the code, and seeing that customers wanted to customize KeyAuth further, the founder released the KeyAuth source code on GitHub under an open-source license on June 23, 2021.
To help support development costs and provide users with a way to pay for the setup of the software on their server, the founder made the source code of paid KeyAuth features proprietary on September 3, 2022.
Support for Russian customers
The founder of KeyAuth disagrees with the decision of companies such as VISA and Mastercard to block Russian consumers. He doesn't believe that punishing citizens, who don't all support the war in Ukraine, is the right thing to do. KeyAuth has added payment methods such as Perfect Money and plenty of cryptocurrencies to ensure Russians can continue to purchase KeyAuth. Fortunately for them, their CDN provider Cloudflare will not block Russian users, stating "we believe that shutting down Cloudflare's services entirely in Russia would be a mistake".[16]
New Ownership
The founder of KeyAuth, William Nelson, is an engineering university student and claims he can't find much time to work on his service anymore. On January 18th, 2022, he announced that KeyAuth would soon be under the ownership of a new individual. This individual doesn't reveal his identity but goes by the alias 'It's Networking'. He is currently managing KeyAuth beneath the founder and is expected to be given full ownership in late 2023.
Security Concerns
The KeyAuth founder granted a developer, who was the owner of the now-defunct authentication service trinityseal.me, access to the source code and database of the KeyAuth website. On June 06, 2021, this developer became disgruntled and leaked the source code, which was proprietary at the time.[17] He then demanded a $500 ransom to keep the database private. Given that cybersecurity experts state you should never pay a ransom[18], the KeyAuth founder refused to pay and the database was subsequently leaked as well.[17]
While the security incident did not occur as a result of a vulnerability in the code, people were understandably worried. This only further increased the demand for KeyAuth to become open-source software. Several users regarded this as a very good thing, and they were able to see it become a reality later that month.
KeyAuth has also been the target of several digital pirates. These pirates would create Proofs of Concept (POCs) claiming that any application using KeyAuth in the programming language they targeted, mostly C++, could be circumvented and essentially pirated by anyone. The KeyAuth founder disputed these POCs by claiming that software adequately protected with methods such as obfuscation and anti-tamper would be resistant to these issues.[19]
References
- [1] "KeyAuth License Agreement". 26 December 2022. https://github.com/KeyAuth/KeyAuth-Source-Code/blob/main/LICENSE_KEYAUTH.txt.
- [2] "KeyAuth SDK License". 26 December 2022. https://github.com/KeyAuth/KeyAuth-CPP-Example/blob/main/LICENSE.
- [3] KeyAuth-CSHARP-Example, KeyAuth, 2022-12-21, https://github.com/KeyAuth/KeyAuth-CSHARP-Example, retrieved 2022-12-26
- [4] KeyAuth-CPP-Example, KeyAuth, 2022-11-30, https://github.com/KeyAuth/KeyAuth-CPP-Example, retrieved 2022-12-26
- [5] KeyAuth-Python-Example, KeyAuth, 2022-11-30, https://github.com/KeyAuth/KeyAuth-Python-Example, retrieved 2022-12-26
- [6] spray (2022-12-24), KeyAuth-JAVA-API, https://github.com/SprayDown/KeyAuth-JAVA-api, retrieved 2022-12-26
- [7] mazkdevf (2022-09-02), KeyAuth-JS-Example - Multi API Example's, https://github.com/mazkdevf/KeyAuth-JS-Example, retrieved 2022-12-26
- [8] KeyAuth-PHP-Example, KeyAuth, 2022-11-30, https://github.com/KeyAuth/KeyAuth-PHP-Example, retrieved 2022-12-26
- [9] mazkdevf (2022-11-22), mazkdevf/KeyAuth-Go-Example, https://github.com/mazkdevf/KeyAuth-Go-Example, retrieved 2022-12-26
- [10] KeyAuth. "KeyAuth - Open Source Auth" (in en). https://keyauth.cc.
- [11] KeyAuth-Source-Code, KeyAuth, 2022-12-23, https://github.com/KeyAuth/KeyAuth-Source-Code, retrieved 2022-12-26
- [12] "KeyAuth - Apps on Google Play" (in en-US). https://play.google.com/store/apps/details?id=com.wnelson03.rn&hl=en_US&gl=US.
- [13] KeyAuth-Source-Code, KeyAuth, 2022-12-23, https://github.com/KeyAuth/KeyAuth-Source-Code/blob/3eb0ab54de336b9a379cf9996965d275f928bd14/register/index.php#L343, retrieved 2022-12-26
- [14] Nelson, William. "Setup YubiKey/Security Key - KeyAuth". https://docs.keyauth.cc/website/account/account-settings/setup-yubikey-security-key.
- [15] (in en) KeyAuth Web Loader (Control your C++ application from website!), https://www.youtube.com/watch?v=9-qgmsUUCK4, retrieved 2022-12-26
- [16] "Steps we've taken around Cloudflare's services in Ukraine, Belarus, and Russia" (in en). 2022-03-07. http://blog.cloudflare.com/steps-taken-around-cloudflares-services-in-ukraine-belarus-and-russia/.
- [17] Meir, Alex (2021-06-06). "Keyauth.com Breached - Source | Database | Dox on owner "Mak"". https://archive.ph/A7opu.
- [18] Freed, Anthony M. "Three Reasons Why You Should Never Pay Ransomware Attackers" (in en). https://www.cybereason.com/blog/three-reasons-why-you-should-never-pay-ransomware-attackers.
- [19] Nelson, William (2022-08-01). "Security practices - KeyAuth". https://docs.keyauth.cc/security-practices.
Original source: https://en.wikipedia.org/wiki/KeyAuth.