Since Swivel began, we’ve been innovators in image-based, tokenless authentication via web browsers and is one of the most popular ways to deploy the Swivel solution – all designed to protect web pages, Outlook Web Access (OWA) and SSL VPNs.   In this  mode the user is presented with their challenge (security string) in the same channel that they will enter their response (one-time-code).  This is generally implemented within a browser.

We have a number of different ways this can be implemented: all of which enable simple and seamless integration with these technologies and all provide an effective alternative (or addition) to traditional, vulnerable username & password authentication.

As a user never actually enters their PIN, the process is never open to keyboard-logging hacks.  This approach has a number of advantages including:

  • Very easy to deploy
  • Very easy to use
  • Very flexible
  • Highly scalable


PINpad is composed of 10 images, each representing a number, which are randomly distributed on different keys each time it is used. The layout of the buttons can be varied.

There are two ways in which the PINpad solution can be deployed. The default method is for the OTC to be automatically entered into the form as the user mouse-clicks the digits of their PIN on the virtual keypad. As no real keys are used, the PIN cannot be intercepted or captured to any advantage to a hacker.

The alternative method is clickless OTC entry. The user enters their PIN by hovering over the digits for a set period of time. This means that there is no key press or mouse click to trigger a keylog or screen grab.


A TURing image is a security string represented as an image. The image has placeholders to help the user extract the One Time Code. The user combines their PIN in their head with the security string and enters their OTC within the login screen.

 In this example, a PIN of 4359 would produce a One Time Code of 1268. The TURing image is by far the most popular authentication interface especially with users.

More Information:

Single Channel Authentication Options Whitepaper


A key, and unique feature, of our authentication platform is our patented one-time-code extraction protocol PINsafe. PINsafe combines the use of registered PINs with random 10 digit security strings that are sent to you either by browser, mobile app, SMS and telephone either on demand or in advance. You then combine these in your head to work out your unique one-time access codes, putting you at the heart of the strong multi-factor authentication process. Learn More

What our customers say

Get In Touch