1 Build brainprint on this laptop live
Just interact normally - type, move your mouse, scroll, click. Your behavior streams to GrayPass in real time. Hit Build brainprint whenever you're ready (minimum 15 seconds).
The trust score will sit near zero until you build the brainprint - there is nothing to score you against yet. Open the Telemetry pill in the top-right to watch every signal being captured.
Why behavioral identity beats device identity
Passkeys are a property of the device. Lose the device, lose the key. Get a new laptop, set up a new passkey. Magic links verify whoever controls the email inbox - exactly what a SIM-swap attacker is targeting.
GrayPass verifies the human behind the keystrokes. Six modalities scored in parallel: keystroke dynamics (dwell + flight time), pointer kinematics (speed, curvature, overshoot), scroll cadence, focus patterns, touch on mobile, and accelerometer + gyro.
Each signal alone is weak. Combined, they make a 54-dimensional summary vector an attacker has to match in real time across every channel simultaneously. The vector is non-invertible: we cannot reconstruct what you typed from the dwell-time distribution.
Templates are cancelable. A leak rotates the key, not your identity. And because the signal lives in a device-invariant embedding space, the moment you build it on one device it transfers to every other device on your GrayPass network. Including your phone.
2 Transfer to phone
Scan the QR with your phone's camera. Token expires in 90s.
3 GrayPass network waiting
When your phone joins, the brainprint mesh trust appears live.
Waiting for phone...
phone trust (live)
Simulate an attacker on the phone
We inject bot-shaped feature frames into the phone session. GrayPass detects the anomaly within ~2 frames and the phone signs itself out everywhere.