Frequently Asked Questions

Celestix V-Key

V-Key FAQs

  • What is Multi-factor Authentication (MFA)?

    MFA is when a user is prompted for at least two pieces of identification when logging into services or applications. The first is normally a password, and the second is something they don’t know — like a randomly generated PIN that is sent to them via a text message or mobile authentication application. MFA is offered by many different online services, including most email providers and banks.

  • Why do we need MFA?

    MFA provides an extra layer of security. Even if a password is compromised, an attacker would still need to bypass the second layer of authentication, making it much harder for unauthorized users to gain access.


  • What cybersecurity threats does MFA help us guard against?

    If an attacker discovers a user’s password, through phishing attacks, leaks and data breaches, or simply guessing it, then having MFA turned on would decrease — but not completely prevent — the likelihood of unauthorized users gaining access to corporate emails and services. Multi-Factor Authentication (MFA) is a powerful security mechanism that helps guard against various cybersecurity threats by adding additional layers of verification beyond just a username and password. Here are some cybersecurity threats that MFA helps mitigate:

    1. Password Attacks: MFA mitigates the risk of password-related attacks, such as brute force attacks or dictionary attacks, where an attacker attempts to guess or crack a user's password.
    2. Phishing: MFA helps protect against phishing attacks by requiring additional factors for authentication. Even if an attacker manages to trick a user into revealing their password, they would still need the additional authentication factor.
    3. Credential Theft: In cases where user credentials are stolen through various means, including data breaches or malware, MFA adds an extra layer of protection. The stolen credentials alone are insufficient for unauthorized access.
    4. Man-in-the-Middle Attacks: MFA helps mitigate the risk of man-in-the-middle attacks, where an attacker intercepts and potentially alters the communication between two parties. Even if intercepted, the attacker would still need the additional authentication factor.
    5. Session Hijacking: MFA provides protection against session hijacking attempts, where an attacker tries to take over an authenticated user's session. Without the additional authentication factor, the attacker's access would be limited.
    6. Keylogging: MFA helps guard against keyloggers that may capture keystrokes, including passwords. Even if the password is captured, the second factor (e.g., a one-time code) remains unknown to the attacker.
    7. Credential Stuffing: MFA adds an extra layer of defense against credential stuffing attacks, where attackers use previously leaked username and password combinations to gain unauthorized access to accounts.
    8. Unauthorized Access: MFA helps prevent unauthorized access to accounts, systems, or applications, even if the attacker has obtained valid login credentials through various means.
    9. Insider Threats: MFA helps mitigate the risk of insider threats by requiring additional verification, making it more challenging for malicious insiders to compromise accounts or systems.
    10. Device Trustworthiness: Some MFA systems may include device trust assessments, ensuring that the device used for authentication is secure and not compromised.

    By incorporating multiple factors (something you know, something you have, or something you are), MFA significantly strengthens security and provides a robust defense against a wide range of cybersecurity threats. However, it's important to note that no security measure is completely foolproof, and organizations should adopt a comprehensive cybersecurity strategy that includes regular security assessments, updates, and user awareness training.

  • What is the benefit of Provisioning multiple tokens within a single app?

    Provisioning multiple tokens within a single app is a way to provide users with a more streamlined and secure authentication experience. Instead of having to use multiple apps or devices to authenticate, users can use a single app to access multiple services.

  • What is V-Key MFA?

    The V-Key Multi-Factor Authentication (MFA) with a Smart Authenticator is a security solution that verifies a user's identity at login using two or more verification factors. It adds an extra layer of protection to user or company data, preventing malware, phishing, and ransomware attacks, specifically unauthorized access. In the context of preventing ransomware attacks, the Virtual Secure Element enhances security by making it significantly more challenging for hackers to exploit unauthorized access attempts.

    The V-Key MFA is highly scalable and can easily integrate with most major and custom applications. It includes the V-Key mobile app (Authenticator / Soft Token), which supports additional authentication factors like biometrics (fingerprint and facial recognition) to further enhance security.

    The V-Key Smart Authenticator uses V-OS, a virtual secure element, embedded within native iOS or Android mobile apps. This creates a secure operating environment where data can be stored and cryptographic processes can be executed in isolation from the rest of the mobile app. The V-Key Smart Authenticator is the world's first virtual secure element to receive a Common Criteria Evaluation Assurance Level (EAL) rating of 3+. It is based on the U.S. Government's Protection Profile for General Purpose Operating Systems and is FIPS 140-2 (US NIST) compliant.

    Implementation is easy and efficient with the V-Key Smart Authenticator’s industry-strength Multi-Factor Authentication in just three simple steps. The V-Key Smart Authenticator not only reduces overall costs but also encourages user adoption of MFA.

  • What is V-OS?

    V-OS is a patented technology. It's a virtual secure element that provides a secure sandbox embedded within a native iOS or Android mobile application. This secure sandbox creates a safe operating environment where data can be stored and cryptographic processes can be executed in isolation from the rest of the mobile app.

    With V-OS as the security foundation of your mobile application, your organization can build a wide range of solutions that are secure, trusted, scalable, and tailored to your business needs.

  • What are the Key Features of V-OS (Virtual Secure Element)?

    The key features are:

    • Tamper-Resistant Design: V-OS employs layered tamper detection and response mechanisms.
    • Certified Cryptography: It uses a patented cryptographic virtual machine, adhering to FIPS 140 Level 2 and Common Criteria EAL+ standards.
    • Eradicates Hardware Dependency: By minimizing total ownership costs, V-OS eliminates the need for costly hardware tokens.
    • Seamless Developer Integration: Developers can work with V-OS through a flexible and extensible SDK framework.


  • What is V-OS Cloud?

    V-OS Cloud is a platform-as-a-service (PaaS) and software-as-a-service (SaaS) solution based on V-OS, the virtual secure element of V-Key.

    The cloud platform provides operational efficiency in the deployment of Trusted Identity services. It also optimizes the cost of implementation and maintenance and focuses on ensuring usability on any IOS or Android device.

    V-OS Cloud is always updated with the latest version of every solution available in V-Key's Software Suite with no additional cost for setup, operation, and maintenance of both mobile apps and servers.

    V-OS Cloud is designed with user experience in mind and offers an interactive and guided setup, easy onboarding process, and more to help organizations of any size to implement the services with peace of mind

  • How does V-Key MFA work?

    V-Key MFA utilizes the secure V-OS platform, which is a virtual secure element embedded within native iOS or Android mobile apps. V-OS creates a secure sandbox where data can be stored and cryptographic processes executed in isolation from the rest of the app. This ensures the integrity of your app and protects against tampering or unauthorized access. V-Key MFA also includes a Smart Authenticator that can be used for every app on your smartphone, providing a seamless and convenient user experience.

  • What Does V-Key’s Multi-Factor Authentication Do?

    V-Key’s Multi-Factor Authentication (MFA) is a cloud-based security solution that provides an additional layer of protection for various applications and services. Here’s what it does:

    1. Enhanced Security: V-Key’s MFA is built on the V-OS Virtual Secure Element, which provides a high level of security. It offers a software-based approach to MFA, which can provide enhanced security compared to traditional methods.
    2. Versatility: V-Key’s MFA can be used to protect a variety of services, including internal services like VPNs, cloud-based applications, and more.
    3. Ease of Use: The V-OS Smart OTP token simplifies the MFA process by turning your device into a One Time Password generator, even when offline. This makes it easy for users to authenticate their identity without needing to rely on an internet connection.
    4. Protection Against Fraud: V-Key’s MFA can help protect against various forms of fraud, including phishing attacks and unauthorized access to online accounts. By requiring a second form of authentication, it makes it much harder for attackers to gain access, even if they have the user’s password.
    5. Adaptive Authentication: V-Key’s MFA also includes features for adaptive authentication, such as the ability to set policies based on the user’s location, device, and network, adding a layer of security.
  • What is V-Key Smart Authenticator or soft token?

    V-Key Smart Authenticator or soft token is a feature of V-Key that turns your device into a One Time Password generator, even when offline.

  • What are use cases?

    V-Key MFA (Multi-Factor Authentication) has a wide range of use cases across various industries. Here are some examples:

    • Securing Corporate Assets: V-Key MFA is used to secure corporate assets. It provides a smart soft token that surpasses traditional hardware tokens in terms of security. By opting for a software-based solution, organizations can achieve a higher level of convenience and ease of use, as employees can access their credentials from any device, anywhere, anytime. It ensures the confidentiality and integrity of sensitive data by leveraging secure chip technology.
    • Cybersecurity: V-Key MFA is a proven way to mitigate cyber threats. It pairs a standard username and password login with something in the user’s possession to ultimately prove the users are who they claim to be.
    • Law Enforcement: An MFA solution with support for multiple authentication methods helps police departments satisfy the Criminal Justice Information Services (CJIS) requirement. Law enforcement officers are prompted for a second-factor authentication (FA) when logging into their mobile data terminals (MDTs).
    • Privileged Access Management (PAM): V-Key MFA can be integrated with PAM solutions to provide a secure, frictionless user experience while enabling organizations to improve access controls and visibility.

    These are just a few examples. The use of V-Key MFA can be tailored to meet the specific needs of different industries and organizations. It’s a flexible and robust solution that enhances security while maintaining user convenience.


  • What does a Service Instance do?

    A V-Key service instance refers to an instance of the V-Key security service that is deployed and managed by V-Key. The V-Key service is a cloud-based platform that provides advanced mobile security solutions to organizations. Supported service instances are SAML 2.0, OCID and RADIUS.

    When an organization subscribes to the V-Key service, they are provided with a dedicated service instance. This instance is hosted and maintained by V-Key, relieving the organization of the burden of managing the underlying infrastructure.

  • What is purpose of the Token Pack?

    The V-Key token pack is designed to enhance the security of V-Key soft tokens by providing a secure and convenient way to generate and manage cryptographic tokens. This helps to protect sensitive data, prevent unauthorized access, and ensure the integrity of transactions.

    It also provides a range of cryptographic functions, such as token generation, encryption, and digital signing, all within a secure environment.

    Overall, the V-Key token pack helps organizations strengthen the security of their soft tokens and protect against various threats, such as data breaches, identity theft, and fraud.

  • How do I set up V-Key MFA?

    Step 1, the IT administrator sets the protocol required for the specific application or service at V-Key Cloud.

    Step 2. Select the Directory (Microsoft AD on-premises, Azure AD, V-Key LDAP, or any 3rd party directory services) for the user authentication.

    Step 3. Configure Service Instance. 

    Step 4. Configure Token Pack.

    Step 5. Test the connection.

    Generally, it involves downloading the V-Key app, registering your device, and setting up your preferred method of secondary authentication.

  • How secure is V-Key Smart Authenticator?

    V-Key Smart Authenticator prioritizes security by utilizing its groundbreaking V-OS technology, which is widely recognized as the world's first Virtual Secure Element. This innovative technology creates a secure and isolated environment to protect important keys and critical business data. V-OS operates within an ultra-secure virtual machine, acting as a robust barrier against attackers and significantly reducing the risk of breaches while maintaining the integrity of the secure element.

    The V-Key Smart Authenticator seamlessly enhances security measures when combined with V-OS. V-Key Smart Authenticator provides uncompromising security for your organization through secure cloud-based authentication, elimination of password vulnerabilities, defense against phishing attacks, and tamper detection and prevention capabilities.

  • Does registering for MFA give access to my device?

    No, registering for MFA does not give access to your device. It simply verifies your identity by requiring a second form of authentication.

  • What industries can benefit from V-Key MFA?

    V-Key MFA is trusted globally and is used in various sectors including banking, healthcare, governments, etc. Its secure and flexible nature makes it suitable for organizations that prioritize strong customer engagement and app integrity. By eradicating hardware dependency and minimizing total ownership costs, V-Key MFA provides a cost-effective and efficient solution for industries that require robust multi-factor authentication.

  • What is V-Key pricing?

    V-Key is priced at $36 per year per user with unlimited devices. It includes push notifications, passwordless authentication, and trusted endpoints. Volume discount is available upon request. Please contact Celesti x for more information.

  • Does V-Key has a free trial?

    Yes, Celestix offers a free trial for 30 days. Sign up for a free trial here .

  • What are V-Key methods of authentication?
    • Software-Based Secure Element (S-SE): V-Key may use a software-based secure element to store cryptographic keys securely on the mobile device. This enhances the overall security of the authentication process.
    • Dynamic PIN (Personal Identification Number): Dynamic PINs involve the generation of one-time PINs (OTPs) or dynamic passwords that change with each authentication attempt. This adds an extra layer of security compared to static passwords.
    • Biometric Authentication: V-Key may support biometric authentication methods, such as fingerprint recognition or facial recognition, to verify the user's identity based on unique physiological characteristics.
    • Multi-Factor Authentication (MFA): V-Key's solutions may incorporate multi-factor authentication, combining two or more authentication factors (e.g., something you know, something you have, or something you are) to strengthen security.
    • Device Trust Score: V-Key might employ a device trust score that assesses the overall security posture of the device based on various factors, such as the device's security configuration, operating system integrity, and other attributes.
    • Tokenization: V-Key may utilize tokenization to replace sensitive information (such as credit card numbers or authentication credentials) with unique tokens, reducing the risk of unauthorized access.
  • How does V-Key compare to other authentication providers?

    V-Key distinguishes itself from other authentication providers in several ways:

    • Patented Technology: V-Key’s core patented technology, V-OS, is the world’s first virtual secure element to receive a Common Criteria Evaluation Assurance Level (EAL) rating of 3+, derived from the U.S. Government’s Protection Profile for General Purpose Operating Systems1. This indicates that their technology has been rigorously tested and certified for security.
    • Multiple Authentication Methods: V-Key offers multiple methods of authentication, including passwordless one-tap authentication, two-factor authentication (2FA), and biometrics authentication including iOS FaceID, ToudID and Android FingerPrint.
    • Robust Protection: V-Key provides robust protection for user experience and app integrity on any device1.
    • Security and Authentication Assurance: V-Key drives stronger digital customer engagement through security and authentication assurance.
    • Monitoring and Managing Security Profiles: V-Key allows you to monitor and manage security profiles to protect your customers from mobile cyber threats.

    When choosing an authentication service provider, it’s important to consider factors such as trust and reputation, the provider’s architecture, and the risk of vendor abandonment2. It’s also crucial to evaluate the provider’s support for common authentication protocols such as SAML and OpenID Connect.


    In comparison to other providers, V-Key’s unique blend of patented technology, multiple authentication methods, and robust protection make it a strong contender in the field of authentication providers. However, the best choice of provider will depend on your specific needs and requirements.

  • How do I purchase V-Key MFA?

    V-Key's Multi-Factor Authentication (MFA) solution is offered as a subscription-based service. This means you would pay a recurring fee (monthly or annually) to use the service, rather than a one-time purchase price.

    The subscription model often includes ongoing support and updates, ensuring that you always have the latest security features and improvements.

    However, the pricing model can vary depending on the specific product, the size of your organization, and other factors. For the most accurate and up-to-date information, it's best to contact V-Key directly or consult with a sales representative.

  • What mobile OS does V-Key support?

    V-Key supports the following mobile operating systems:

    • Android
    • iOS
    • HarmonyOS

    This means you can use V-Key's security solutions on a wide range of devices, including those from Apple, Samsung, Huawei, and many others.

  • Does V-Key support SSO (Single Sing-On)?

    Yes, V-Key supports Single Sign-On (SSO) capabilities. SSO allows users to authenticate themselves once and gain access to multiple applications or systems without the need to re-enter their credentials. V-Key provides secure and seamless SSO solutions that help organizations enhance user experience and improve security.

  • Should I use V-Key to replace hardware token?

    Whether you should use V-Key to replace a hardware token depends on your specific needs and circumstances. Here are a few factors to consider:

    Convenience: V-Key is a software solution that turns your device into a One Time Password generator. This can be more convenient than carrying around a separate hardware token.

    Cost: Hardware tokens can be expensive to replace if lost or damaged. A software solution like V-Key could potentially be more cost-effective.

    Security: V-Key's solution is built on the V-OS Virtual Secure Element, which provides a high level of security. However, some might argue that hardware tokens are less vulnerable to certain types of attacks, such as malware on the user's device.

    User Experience: Some users might find a software solution like V-Key easier to use, while others might prefer the tangibility of a hardware token.

    Compatibility: V-Key can be used with a wide range of devices and services, which might not be the case with certain hardware tokens.

    In conclusion, V-Key could be a good replacement for a hardware token, but it ultimately depends on your specific needs and circumstances. It's always a good idea to consult with a security professional or conduct a thorough risk assessment before making such a decision.

  • What if my user loses their smart device?

    People are conditioned to carry their mobile phones with them. Surveys show that on average it takes just 15 minutes for someone to realize they have lost their mobile phone. It may take much longer for someone to realize their hardware token is missing. A new mobile device can be delivered within a day and backed up online. Compare that to the process of provisioning a new hardware token or smart card.

     However, with V-Key Authenticator, the recovery process is both easy and secure. All you need to do is enter your recovery email to restore your account. Additionally, V-Key’s Password-less Face Token Technology makes user verification simpler and allows for smooth account transfer between different devices. 

  • Not all my users have a smart device, can I still use V-Key?

    If users have standard mobile phones, then they can make use of the clientless option which delivers the OTP via SMS.

  • What if my user loses their smart device?

    People are conditioned to carry their mobile phone with them. Surveys show that on average it takes just 15 minutes for someone to realize they have lost their mobile phone. It may take much longer for someone to realize their hardware token is missing. A new mobile device can be delivered within a day and backed up online. Compare that to the process of provisioning a new hardware token or smart card.

  • I lost my device or moved on to a new device, how do I make sure notifications don’t continue to go to my old device?

    If your user has lost their device or moved to a new one, it’s important to ensure that your V-Key MFA notifications don’t continue to go to the old device. Here are some general steps you can take:

    • Unregister Old Device: Unregister your user’s old device from the V-Key MFA system. This will stop any notifications from being sent to that device.
    • Re-register for MFA: Re-register your user’s device for MFA. This will ensure that your new device is recognized by the system.
    • Contact Support: If you’re unable to unregister your old device or re-register for MFA, it’s recommended to contact V-Key’s support team for assistance. They can guide you through the process and ensure that your account is secure.

    Remember, these are general steps, and the exact process may vary depending on your organization’s specific setup and policies. Always consult with your IT department or V-Key’s support for the most accurate information.