The Automate password is used to access the web portal, while the passcode/gesture is used to unlock the StrongPass App.

Your Authomate password, together with your Authomate login ID provide access to the administration web portal on the Authomate server. From the web portal you can manage your account, manage team accounts and settings, and look at historical records. There are three different mechanisms for failed login attempt :

  1. After 5 consecutive failed logins, the Authomate server will require you to correctly respond to a captcha request.
  2. After 5 failed login attempts within a short time, the Authomate server will throttle the requests and return the error “Too many attempts – Wait a while and try again.”. 
  3. For Team accounts only, the account will be locked after too many failed attempts and the team administrator will have to unlock it

The passcode/gesture allows you to unlock the StrongPass App to access the credentials stored on your phone. When entered correctly, the Passcode gives the phone access to a much stronger key that is stored on the Authomate Server. That key is used to encrypt the data on the phone (StrongPass App). This ensures that loss of the phone by itself is not enough to compromise the credentials on the phone – even if the phone is jail-broken. To get the key to decrypt the credentials, an attacker needs to log into the StrongPass App using the Passcode to get the key from the server. After several failed logins, the StrongPass App will begin throttling until it eventually locks the device. Locking the device after a limited number of attempts prevents brute force attacks to guess the Passcode.