The badge your staff already carry is now a security key.
Login turns the NFC access badge in every pocket into a FIDO2 passkey for shared devices. Staff tap the badge once at the start of a shift, and their passkeys load onto the device and stay there all day. No passwords, no cloud accounts, no $90 hardware.
No passwords. Just a tap.
A passkey signs you in without a password. Nothing to remember, nothing to type, and nothing a scammer can phish or a data breach can leak. The site checks a secret key that only you hold. Google, Microsoft, Apple, GitHub and thousands of other sites already accept them.
Login keeps that key on a small NFC card instead of tying it to one phone or a cloud account. Tap the card to your phone and you are signed in. Tap out and the key is gone from the device. The card is your key, and it fits in a wallet.
Shared devices broke passkeys.
Frontline workers share a tablet, a kiosk, a handheld every shift. The passkey tools built for personal phones simply weren't designed for that.
Cloud passkeys don't fit
Mainstream managers tie credentials to a personal account, useless on a shared tablet or kiosk.
Security keys are pricey
A dedicated key runs $25–$90 per employee. Across hundreds of staff, that budget doesn't exist.
Passwords are a liability
Sticky notes, shared logins and endless resets cost IT time and quietly open security holes.
Badges are in every pocket
Staff already carry DESFire EV3 cards for doors, printers and time clocks, every single day.
Login stores passkeys on the badge they already have. No new hardware, no cloud accounts, no passwords.
Four flows on a shared device.
The real in-app instructions, from signing in to first-time setup. Watch each one play out.
Sign in
Log in to any site with one tap. No password, no OTP, no friction.
Create a passkey
Register a passkey on any website, and it saves to your NFC badge automatically.
Restore passkeys from your card
Starting a new shift? Tap your badge to load your passkeys onto the shared device.
Set as default password manager
One-time setup: enable Login in Android settings so passkey prompts route here.
Hardware-grade security, badge-grade price.
Per card
A DESFire EV3 badge costs a fraction of a dedicated security key.
New hardware
Reuse the access badges your staff already carry every day.
Device ready
Passkeys travel with the employee, not the device. Tap in, tap out.
WebAuthn standard
Works with any site that supports passkeys. No vendor lock-in.
Test it with a blank DESFire EV3 card.
You need a blank, factory-default card that still has its default keys, so Login can add its passkey area. Blank cards cost a couple of dollars and ship almost anywhere. You will also need an Android 9 or newer phone with NFC.
Testing? Start with a blank card. Your existing work or access badge probably won't work for a quick test. Cards handed out for door access, transit or payments are usually locked by whoever issued them, and Login can't set itself up on a locked card. It looks like the app is broken when it is really the card. Reusing the badges your organisation already issues is possible, but it needs a bit of coordination with whoever manages them. If that is your plan, see For IT & MDM below.
AliExpress →
Usually the cheapest for one or two blank cards, with global shipping.
Amazon →
Switch to your local Amazon (.co.uk, .de, .co.jp…) for quicker delivery.
eBay →
Good for single cards and lots from sellers that ship internationally.
Independent app. Not affiliated with, endorsed by, or sponsored by NXP Semiconductors or any card reseller. The links above are neutral marketplace searches for convenience; always check the product specs and seller before buying. MIFARE and DESFire are registered trademarks of NXP B.V.
Authentication you can audit.
No proprietary crypto. No hidden backend. No "trust us". Every primitive is published in plain language.
Read the full security overview →The same passkey algorithm Apple, Google and Microsoft use.
Card keys derived from your PIN with HMAC-SHA256 at 600,000 iterations.
Nothing leaves your phone or card. There is no Login server to breach.
Threat model, primitives and limits, published in plain language.
Rolling out to a fleet?
If you manage shared Android devices through an MDM, talk to us about volume pricing and deployment.
Get in touch about volume pricing →Helpful to include: fleet size, MDM platform, and whether staff already carry DESFire EV3 cards.
Deploys through your MDM
Push silently via managed Google Play: Intune, Workspace ONE, Knox Manage, Scalefusion, SOTI and any Android Enterprise platform.
No per-user accounts
Passkeys live on each employee's badge. No usernames, no resets, no seat counts to manage.
Reuse the badges you issue
Any MIFARE DESFire EV3 card works, including the access cards your staff already carry.
No backend to procure
Nothing to integrate, no data residency to audit, no sub-processors. The app stands alone.
Questions, answered.
Which phones does it run on?
Any Android 9 or newer phone with NFC, which is most of them. iPhones are not supported, because iOS does not give apps the card access Login needs.
Does it need an internet connection?
No. Everything happens on the phone and the card. There is no Login account and no server to sign in to, so it works fully offline.
What if someone loses their card?
Passkeys on the card are encrypted with a key derived from your PIN, so a lost card is useless without it. Your PIN is what protects them, so choose a strong one: someone holding the card could try to guess it. On the shared device, repeated wrong PINs also clear the cached copy and the saved PIN.
Which cards can I use?
A blank MIFARE DESFire EV3 card that still has its default keys. See where to get one above. A card already set up for work access may or may not work, depending on whether its keys were changed from the factory default, so a fresh blank card is the reliable choice.
How much does it cost?
There is a free 30-day trial, then a subscription. Teams can get volume licensing through their MDM. Current pricing is shown on Google Play.
Do my passkeys leave the card?
Only into the phone you tap, for the length of a shift, and always encrypted. Nothing is uploaded anywhere. Read the security overview for the details.
