Frequently Asked Questions

Everything you need to know about SkinID, the universal authentication platform.

About SkinID

What is SkinID?
SkinID is a unified authentication platform that uses a subdermal NFC cryptographic implant as a universal identity anchor. It is not just a password manager. It replaces passwords, access cards, keys, PINs, and tokens with a single scan of your hand. SkinID works across digital services (websites, apps) and physical environments (doors, offices, secure facilities). It is a Swiss product.
How is SkinID different from a password manager?
Password managers store and auto-fill credentials, but they still rely on a master password and don't address physical access. SkinID goes further: it embeds a cryptographic root of trust directly in your body, enabling both digital authentication (passwords, passkeys, FIDO2) and physical access (doors, offices, smart locks) in a single unified system. Your body becomes the authenticator. Nothing to remember, carry, or lose.
Why is SkinID Swiss?
Switzerland is globally recognised for privacy, precision, and security, from banking to healthcare to technology. SkinID is designed, developed, and hosted entirely in Switzerland under the Federal Act on Data Protection (FADP). For a product that becomes part of your body, trust in the origin matters. Swiss engineering means rigorous standards, transparent governance, and a legal framework built to protect individuals.

The Implant

What is the implant?
The SkinID implant is a DESFire EV3 NFC cryptographic chip (roughly the size of a grain of rice) encased in biocompatible glass (Schott 8625). It supports AES-128 mutual authentication, making it virtually impossible to clone. The implant is placed beneath the skin of the hand using a sterile injector. It contains no battery and is powered passively by the NFC field when scanned. SkinID provides the implant, the software, and the installation: everything you need is included in one kit.
Is the implant safe?
Yes. The implant uses biocompatible glass (Schott 8625) that has been used safely for decades. Tens of thousands of people worldwide have had NFC implants since 2013, particularly in Nordic countries. The implant contains no battery, no moving parts, and no active electronics when not being scanned. It is MRI conditional (safe up to 3 Tesla). Installation is performed by trained professionals at certified pharmacies, piercing studios, or tattoo shops.
What chip does SkinID use?
SkinID uses the DESFire EV3, the most advanced NFC cryptographic chip available for implants. It supports AES-128 mutual authentication, meaning both the chip and the reader verify each other before exchanging data. This makes cloning virtually impossible without the secret key. The chip communicates via ISO 14443 (NFC-A), is compatible with all major access control systems, and is encased in Schott 8625 biocompatible glass. The implant is included in every SkinID kit.
How much does the implant cost?
The SkinID kit (implant + professional installation + software access) is priced at CHF 100-150. This is a one-time purchase that serves as your permanent entry point to the ecosystem. Basic authentication is free. Advanced features like enterprise management, secure sharing, and priority support are available via subscription (CHF 10-20/month).
How secure is the implant?
The SkinID implant uses DESFire EV3 with AES-128 mutual authentication. Both the chip and the reader verify each other before any data is exchanged. The implant can only be read within 1-3 cm of your hand, and cryptographic keys can be revoked and replaced at any time. This provides a level of security that passwords, cards, and even biometrics cannot match.

Setup & Usage

How do I get started?
1) Order your SkinID kit online. 2) Get your implant installed at a certified pharmacy, piercing studio, or tattoo shop. 3) Download the SkinID app (Mac, Windows, or iPhone) and install the browser extension (Chrome or Safari). 4) Open the management panel and scan your implant to create your account. 5) Start adding passwords, registering passkeys, or connecting door access systems.
What devices are supported?
SkinID works on macOS (native app + Chrome extension), Windows (native app + Chrome extension), and iPhone (native app with built-in NFC + Safari extension). For desktop, you need a USB NFC reader (ACR122U recommended, ~$25-35). On iPhone, the built-in NFC reader is used directly; no additional hardware is needed.
Can I import from another password manager?
Yes. SkinID supports CSV import from Chrome, Bitwarden, 1Password, LastPass, and Dashlane. The format is auto-detected. Go to the management panel, click "Import CSV", and select your exported file. All imported passwords are immediately encrypted with your per-user key.
Can SkinID open physical doors?
Yes. The NFC implant is directly compatible with DESFire-based door access systems used in offices, apartment buildings, gyms, and secure facilities. Major compatible systems include Salto, HID Global, Assa Abloy, and Dormakaba. Your implant can be enrolled in these systems just like a standard access card, but it's always with you and can never be forgotten or lost.

Security

How is my data encrypted?
SkinID uses a zero-knowledge architecture: every credential and FIDO2 private key is encrypted with a per-credential key derived (via HKDF-SHA256) from a 32-byte vault wrap key that lives on the chip in your hand, inside an authenticated DESFire EV3 file. The actual encryption is ChaCha20-Poly1305 AEAD with associated data binding the ciphertext to its user, site, and credential ID. Without your chip in the reader field, we hold nothing but opaque bytes. Read the full architecture at skinid.ch/security.
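The scheme described above, sketched as an added example in Node.js (this is not SkinID's code): a per-credential key is derived with HKDF-SHA256 from a 32-byte vault key, and the record is sealed with ChaCha20-Poly1305 using the user, site and credential ID as associated data. The HKDF salt and info string, the length-prefixed associated-data encoding, the function names and the sample identifiers are assumptions, and the vault key is generated locally in place of a chip read.

```javascript
const { hkdfSync, createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// Per-credential key: HKDF-SHA256 over the 32-byte vault wrap key.
// Empty salt and this info layout are assumptions; the page does not specify them.
function deriveCredentialKey(vaultKey, credentialId) {
  const info = Buffer.from(`credential:${credentialId}`, 'utf8');
  return Buffer.from(hkdfSync('sha256', vaultKey, Buffer.alloc(0), info, 32));
}

// Associated data: user, site and credential ID, each length-prefixed so that
// ("ab", "c") and ("a", "bc") can never encode to the same bytes (assumed encoding).
function buildAad({ user, site, credentialId }) {
  return Buffer.concat([user, site, credentialId].flatMap((field) => {
    const bytes = Buffer.from(field, 'utf8');
    const len = Buffer.alloc(2);
    len.writeUInt16BE(bytes.length);
    return [len, bytes];
  }));
}

function seal(vaultKey, ctx, plaintext) {
  const key = deriveCredentialKey(vaultKey, ctx.credentialId);
  const nonce = randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = createCipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  cipher.setAAD(buildAad(ctx));
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null if the key, ciphertext, tag or any AAD field differs.
function unseal(vaultKey, ctx, { nonce, ciphertext, tag }) {
  const key = deriveCredentialKey(vaultKey, ctx.credentialId);
  const decipher = createDecipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  decipher.setAAD(buildAad(ctx));
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8');
  } catch {
    return null; // Poly1305 tag check failed
  }
}

// Constructed sample values; none of them come from the product.
const vaultKey = randomBytes(32);
const ctx = { user: 'user-1001', site: 'example.com', credentialId: 'cred-42' };
const record = seal(vaultKey, ctx, 'correct horse battery staple');
console.log(unseal(vaultKey, ctx, record));                               // original context
console.log(unseal(vaultKey, { ...ctx, site: 'other.example' }, record)); // record moved to another site
console.log(unseal(randomBytes(32), ctx, record));                        // no chip key
```

The second call shows what the associated data buys: a record copied under a different site or user in the database fails authentication even though the derived key is unchanged.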
What happens if I lose my chip?
You have three independent recovery paths. (1) Backup chip: if you provisioned a backup chip at signup, tap it to swap into primary. (2) Printable Shamir key: a paper printed at signup encodes your vault key via Shamir Secret Sharing; enter it on a fresh chip and you're back. (3) KYC + multi-operator approval: last resort. Proof of identity, a 7-day cooling-off period, and approval from two senior operators at SkinID. The recovery is then sealed and a fresh chip provisioned. Documented in our legal terms.
Can SkinID staff read my passwords?
No. The vault wrap key that decrypts your data lives only on your chip. We never persist it. Even with full access to our database, our staff cannot decrypt your credentials. Operator destructive actions (account recovery, key rotation) require two distinct senior operators to approve, with the entire workflow audit-logged. We can serve you ciphertext, transition account state, and process recovery requests; we cannot read what's inside.
What happens if SkinID gets hacked?
An attacker with full database access reads ciphertext only. Without the chip's vault key, the data cannot be decrypted. We additionally store nightly backups encrypted with a public key whose private half lives off-server. Operator sessions use SameSite=Strict cookies over TLS 1.3 with HSTS preload, are hashed at rest, and have idle and absolute timeouts. All destructive operator actions require multi-operator approval. We commit to publishing post-mortems and notifying affected users within 72h per GDPR Article 33 and Swiss FADP standards.
What if SkinID shuts down?
If SkinID winds down operations, we commit to: (1) at least 6 months' notice; (2) an open-source, self-hostable migration path so you can keep your chip working without us; (3) export of your encrypted credentials in a portable format, decryptable with your existing chip. Your chip is yours. We never want it to become useless because of our business decisions.
What is FIDO2 / passkeys?
FIDO2 is a passwordless authentication standard supported by GitHub, Google, Microsoft, Apple, and hundreds of other services. Instead of a password, a cryptographic key pair is used: the private key stays on SkinID (encrypted), and the public key is registered with the website. When you sign in, SkinID proves you own the private key by scanning your implant. Passkeys are phishing-resistant: there is no password to steal, no code to intercept.
How is SkinID different from biometrics?
SkinID's cryptographic keys can be revoked and replaced at any time, giving you full control over your identity. Biometrics like fingerprints are permanent and tied to specific devices and platforms. SkinID works across all platforms and environments, including physical door access, making it a truly universal solution.

Enterprise

Can SkinID be deployed in an organisation?
Yes. SkinID is designed for enterprise deployment. Organisations can enroll employees with implants that provide unified access to digital systems (SSO, workstations, internal tools) and physical infrastructure (offices, labs, secure areas). This eliminates credential-based breaches, reduces IT support costs for password resets, and provides centralised identity management across all access points. Enterprise subscriptions are available for at-scale deployment.
Does SkinID work offline?
Digital authentication (passwords, passkeys) requires a connection to the SkinID server. However, physical door access works independently: the implant communicates directly with the door reader via NFC, with no internet connection required. This makes SkinID reliable for physical access even during network outages.