NSERC I2I project

LOXIN: A Password-Less Universal Login System – Enabling Bring-Your-Own-Device for Authentication in Enterprise


As the easiest and cheapest way of authenticating an end user, password-based authentication methods have been consistently employed by organizations and businesses as the default mechanism of restricting and monitoring access. The increased adoption of cloud applications and third-party services within an enterprise generally requires employees to keep track of a number of user names and passwords on a daily basis. The fact that employees need to remember multiple login credentials has incurred significant costs for an enterprise due to the increasing number of help desk calls for pass- word reset. Moreover, the current practice of using multiple user names and passwords in enterprises is also exposing the business to more opportunities for security breaches, as demonstrated by recent password leaks in big brands such as Apple, Adobe, and LinkedIn.

This project is based on the work on Loxin – A Solution to Password-less Universal Login, published in 2014 by Bo Zhu, Xinxin Fan and Guang Gong.  The core architecture and methodology of the secure password-less authentication system LOXIN are protected by U.S. Patent 10136135 (filed on April 15, 2015, awarded in Dec 2018).

Project description

Business opportunities and IP


Current progress:

- Demo is done

- API in process

- Survey in process


B. Zhu, X. Fan, and G. Gong. “Loxin – A Solution to Password-less Universal Login". In 2014 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pages 488–493, April 2014.