
SlashID Launches Mutual TOTP to Combat Vishing and Deepfake Attacks


by: PR Newswire | April 22, 2026

SlashID, a leading identity security platform, has announced the launch of Mutual Time-based One-time Password (TOTP). This industry-first capability simultaneously verifies the identity of both parties in human-to-human interactions, such as phone calls or video chats. By establishing a bidirectional cryptographic handshake, Mutual TOTP eliminates the trust gaps exploited by attackers using vishing, deepfake voice clones, and help desk manipulation—the primary drivers behind nearly 36% of modern security incidents.

Quick Intel

  • The Problem: Social engineering is the leading access vector; legacy defenses like awareness training and face-scanning are increasingly bypassed by AI deepfakes.

  • The Solution: Mutual TOTP provides bidirectional cryptographic proof, confirming the identity of both the caller and the recipient.

  • Mechanism: Uses RFC 6238 TOTP codes refreshed every 30 seconds; both parties must confirm matching codes for a successful "handshake."

  • Risk Integration: Verification events are correlated against SlashID’s full identity graph and risk profiles to detect anomalous patterns.

  • Privacy & Cost: Stores no biometric data and costs significantly less than traditional ID verification (IDV) solutions.

  • Use Cases: Help desk verification, wire-transfer approvals, vendor onboarding, and remote employee check-ins.

Closing the Social Engineering Gap

Traditional Multi-Factor Authentication (MFA) was designed to prove a user's identity to a machine, but it fails in human-to-human scenarios where an employee needs to prove their identity to a colleague or help desk agent. Attackers, such as the threat group Scattered Spider, have repeatedly exploited this "one-way" trust to bypass defenses. Mutual TOTP ensures that if an employee receives a call from someone claiming to be "IT Support," both parties can instantly verify each other through their respective devices.

"Social engineering works because it exploits a gap that MFA was never designed to close: neither party on a call can prove who the other is," said Jake Whelan, SlashID's Head of Product. "Mutual TOTP closes that gap with cryptographic proof that's fast enough for employees to actually use."

Three Core Capabilities

  1. Bidirectional Cryptographic Verification: Each user receives a unique six-digit code on their device. If either party fails to provide the matching code, the interaction is flagged and blocked.

  2. Identity Risk Correlation: SlashID automatically escalates requests originating from high-risk identities or unusual geographic locations, preventing friction for low-risk, routine calls.

  3. Full Session Audit Trail: Every interaction is logged with timestamps and verification outcomes, providing a ready-made audit trail for compliance (SOC2, HIPAA) and incident response.

Privacy-First Security

Unlike face-scanning or document-processing tools, Mutual TOTP does not require the collection or storage of sensitive biometric data. It utilizes the hardware-backed security already present in smartphones and desktops, reducing onboarding friction and privacy concerns. This makes it a practical solution for daily use across an entire enterprise rather than just high-security help desk scenarios.

 

About SlashID

SlashID is an identity security platform dedicated to stopping identity-based attacks before they lead to data breaches. The platform provides unified visibility across human and non-human identities, featuring over 500 out-of-the-box threat detections and automated remediation for cloud, SaaS, and on-premise environments.
