SlashID Mutual TOTP Stops Vishing and Social Engineering Attacks

SlashID introduced Mutual Time-based One-Time Password (TOTP), a first-of-its-kind cryptographic verification method that validates both participants in a human-to-human interaction. This approach closes the trust gap exploited by vishing, deepfake impersonation, and help desk fraud, which are common initial access techniques in enterprise breaches.

Social engineering was the leading initial access vector last year, accounting for 36% of all incidents investigated, according to Palo Alto Networks’ Unit 42 2025 Global Incident Response Report. Similarly, Mandiant found that vishing appeared in 11% of all infection investigations. Unlike email phishing, these interactive attacks are resistant to automated technical controls. As AI-generated voices and deepfake video lower the cost and skill required to impersonate employees, executives, and vendors, legacy defenses — security awareness training, face-scanning identity verification, and liveness detection — are failing to keep pace.

“Social engineering works because it exploits a gap that MFA was never designed to close: neither party on a call can prove who the other is,” said Jake Whelan, SlashID’s Head of Product. “Mutual TOTP closes that gap with cryptographic proof that’s fast enough for employees to actually use.”

Enterprises are spending heavily on identity verification tools that rely on face scanning, ID document processing, and biometric liveness detection. These solutions are expensive to deploy, invasive to use, and impractical to roll out beyond narrow help desk scenarios. Meanwhile, threat groups like Scattered Spider have demonstrated repeatedly that a convincing phone call is all it takes to bypass MFA, reset credentials, and gain persistent access.

Mutual TOTP solves these challenges with three core capabilities:

  • Bidirectional Cryptographic Verification: RFC 6238 TOTP codes bound to each user’s device and refreshed every 30 seconds. Both parties receive and confirm a unique six-digit code simultaneously — if either side fails, the handshake fails and a warning triggers automatically.
  • Identity Risk Correlation: Every verification event is correlated against SlashID’s full identity graph and access risk profile. Requests from high-risk identities or anomalous patterns escalate automatically, while low-risk interactions proceed without friction.
  • Full Session Audit Trail: Every verification session is logged with initiator, target, timestamp, verification status, and outcome — ready for compliance reporting, incident investigation, and integration with existing SIEM/SOAR workflows.
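
To make the bidirectional check concrete, the following is an added sketch and not SlashID's implementation: it computes RFC 6238 codes and reports a handshake as verified only when both parties' codes check out. It assumes a verifier that holds both device secrets, HMAC-SHA1, and a tolerance of one step of clock drift; the names `mutual_verify`, `check_code`, `SECRETS` and the `failed_parties` field are hypothetical.

```python
import hashlib
import hmac
import struct

STEP, DIGITS = 30, 6  # 30-second refresh and six-digit codes, as the page states

def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 code: HMAC-SHA1 over the time counter, RFC 4226 truncation."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def check_code(secret: bytes, code: str, now: int, drift: int = 1) -> bool:
    """Accept the current step or one step either side (assumed drift policy)."""
    ok = False
    for delta in range(-drift, drift + 1):
        expected = totp(secret, now + delta * STEP).encode()
        # Constant-time comparison; no early exit across the window.
        ok |= hmac.compare_digest(expected, code.encode())
    return ok

def mutual_verify(secrets, initiator, target, codes, now):
    """Hypothetical handshake: verified only if BOTH parties' codes check out."""
    failed = sorted(
        who for who in (initiator, target)
        if not check_code(secrets[who], codes.get(who, ""), now)
    )
    # Record shaped after the audit fields the page lists.
    return {"initiator": initiator, "target": target, "timestamp": now,
            "status": "failed" if failed else "verified", "failed_parties": failed}

# Constructed device-bound secrets; "alice" uses the RFC 6238 SHA-1 test key.
SECRETS = {"alice": b"12345678901234567890", "helpdesk": b"constructed-secret-02"}

if __name__ == "__main__":
    now = 1111111109
    good = {who: totp(key, now) for who, key in SECRETS.items()}
    print(mutual_verify(SECRETS, "alice", "helpdesk", good, now))
    # A caller who cannot produce the help desk's code fails the whole handshake.
    spoofed = dict(good, helpdesk="")
    print(mutual_verify(SECRETS, "alice", "helpdesk", spoofed, now))
```

A failed record like the second one is the event a SIEM rule would alert on, since it names which side of the call could not prove possession of its device secret.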

Unlike traditional identity verification tools, Mutual TOTP operates bidirectionally at the cryptographic layer, proving both sides of an interaction simultaneously. Further, it significantly reduces onboarding friction, privacy concerns, and deepfake evasion risk compared to traditional IDV solutions. The solution works on both desktop and mobile with biometric device protection, stores no biometric data on third-party servers, and costs a fraction of face-scanning alternatives. The result is a verification method practical enough to extend beyond the help desk to employee-to-employee calls, executive wire-transfer approvals, vendor onboarding, contractor access requests, and remote worker check-ins.

To learn more about Mutual TOTP or request a demo, visit the website here.


About Author

Taylor Graham, marketing grad with an inner nature to be a perpetual researchist, currently all things IT. Personally and professionally, Taylor is one to know with her tenacity and encouraging spirit. When not working you can find her spending time with friends and family.