Beyond Traditional Authenticators
Traditional 2FA solutions like Google Authenticator and Microsoft Authenticator rely on static, time-based one-time passwords (TOTP). While simple to deploy, these methods have significant limitations:
- They do not bind the code to a specific action or transaction
- They are vulnerable to phishing, malware, and real-time replay attacks
- They require complex and manual backup procedures, often relying on QR codes or recovery keys
In contrast, Interstellar's TAVP (Trusted Action Validation Protocol), previously referred to as TTVP, validates sensitive actions such as transactions or account recovery by linking them to:
- A user-visible message describing the action
- A randomized keypad displayed through secure visual cryptography
- A Secure Element (SE)-signed response confirming user intent
- Full processing and validation within a Trusted Execution Environment (TEE)
This approach is backed by Interstellar's decentralized infrastructure, which handles message integrity, circuit delivery, and attestation flows without reliance on centralized servers.
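The difference between a code that depends only on the clock and a response tied to a displayed action can be shown in a few lines. This is an added example, not Interstellar's code or the TAVP protocol: `respond` and `ActionBoundVerifier` are hypothetical names, and an HMAC over a one-time challenge plus the action message stands in for the SE signature.

```python
import hashlib
import hmac
import secrets
import struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): a function of the secret and the clock only."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret: bytes, code: str, unix_time: int, action: str) -> bool:
    # 'action' cannot be checked: nothing in a TOTP code encodes it.
    return hmac.compare_digest(code, totp(secret, unix_time))

def respond(key: bytes, challenge: bytes, action: str) -> bytes:
    """Device side (hypothetical): authenticate the exact message the user saw."""
    return hmac.new(key, challenge + action.encode(), hashlib.sha256).digest()

class ActionBoundVerifier:
    """Hypothetical verifier; each challenge is tied to one action and used once."""
    def __init__(self, key: bytes):
        self.key = key
        self.pending = {}  # challenge -> action message

    def start(self, action: str) -> bytes:
        challenge = secrets.token_bytes(16)  # fixed length keeps concatenation unambiguous
        self.pending[challenge] = action
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        action = self.pending.pop(challenge, None)  # consumed on first use
        if action is None:
            return False
        return hmac.compare_digest(response, respond(self.key, challenge, action))

if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test secret, used as constructed input
    code = totp(secret, 59)
    # The same code verifies for two different actions inside one 30-second step.
    print(code, verify_totp(secret, code, 59, "pay 10 to alice"),
          verify_totp(secret, code, 40, "pay 9000 to mallory"))
    v = ActionBoundVerifier(b"constructed-demo-key")
    c = v.start("pay 9000 to mallory")
    # A response computed over a different message is rejected.
    print(v.verify(c, respond(v.key, c, "pay 10 to alice")))
```

The TOTP verifier accepts one code for any action within the time step, while the action-bound verifier rejects both a response computed over a different message and a second use of the same challenge.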
Key Differentiators
Compared to traditional authenticators, Interstellar provides significantly stronger guarantees in both security and user experience:
Feature / Threat | Google/Microsoft Authenticator | Interstellar (VCA + TAVP) |
---|---|---|
Phishing-Resistant | β | β |
Replay Protection | β | β |
Hardware Binding (SE) | β | β |
Intent Visibility (Message Display) | β | β |
Randomized Keypad Input | β | β |
Code Validity (One-Time) | β (but predictable) | β (non-replayable) |
Device Spoofing Resistance | β | β |
Integration with TEE | β | β |
Visual Cryptography | β | β |
Biometric Integration | β | β |
Instant, Passwordless Onboarding | β | β |
Recovery Without Manual Backup | β (manual QR/key) | β (NFC or secure file + threshold) |
Summary
Interstellar eliminates the inherent limitations of traditional authenticators by combining user-visible intent verification, hardware-backed signatures, and secure execution into a streamlined user experience. This not only mitigates modern threat vectors like phishing and malware, but also simplifies onboarding and recovery for non-technical users.
Future versions of the mobile SDK will further expand these flows to support Passkey compatibility, session delegation, and multi-device recovery policies, all secured by Interstellar's TAVP protocol.