decoy logodecoy
AI agent authentication

how should ai agent authentication work?

An agent can browse a website and fill a form, then stop at the login screen. Authentication is the missing layer between an agent that can suggest a task and one that can finish it.

the authenticated workflow has several steps

A real workflow may require a username, password, email code, TOTP, passkey assertion and personal details such as an address or card. Treating each step as a separate integration makes the workflow fragile and encourages developers to request broad access.

A better authentication layer resolves the required information at the moment the workflow needs it. The agent should know which account it is using, why it needs access and what happens when the request is denied.

  • Identify the exact account or information required.
  • Check whether the user has already approved that access.
  • Release only the approved information or passkey assertion.
  • Return clear denied, expired and retryable errors.
  • Record the access for later review.

credential access and action approval are different

Permission to retrieve a Nike password does not automatically mean permission to place an order, change account settings or delete data. The credential layer controls what information reaches the agent. The browser or agent runtime must still control what the agent is allowed to do with it.

This distinction matters because a reusable password cannot be pulled back after an agent receives it. Revoking access prevents another retrieval, but it does not make the agent forget information it already received.

how Decoy approaches authentication

Decoy combines saved logins, service-specific email, TOTP, passkey assertions and autofill behind one MCP server and HTTP API. Users choose the accounts and information an agent may access and how long that access lasts.

Passwords are decrypted locally and encrypted to the connected agent. Decoy's server never sees the plaintext. Passkeys use a stronger boundary: the phone signs the website challenge and the private key never leaves the device.

common questions

should every login require phone approval?

Not necessarily. Users can approve one request or grant standing access to selected accounts and information for a chosen duration. Passkey sign-in still requires the phone.

does Decoy authorize the final website action?

No. Decoy authorizes access to user information. The agent runtime or browser layer remains responsible for controlling downstream actions such as sending, purchasing or changing settings.

can an agent authenticate when the phone is offline?

Previously approved password, email and personal-data access can continue until it expires or is revoked. New access and passkey assertions require the phone.

give your agent the info it needs. not your user’s whole life story.

Decoy provides user-approved passwords, email codes, passkeys and personal details through one MCP server or API.