BridgeKeeper
A passwordless authentication system that replaces traditional passwords with personal memories. Users log in by answering challenge questions spoken aloud — the system verifies both the semantic meaning of the answer and the speaker's voiceprint, collapsing two authentication factors into a single natural interaction.
How it works
- During onboarding, users create 10 personal challenge/response pairs
- At login, the system randomly selects 3 challenges (720 possible sequences)
- Answers can be spoken (dual-factor: semantics + voice biometrics) or typed (semantic only)
- Semantic similarity is computed via AI embeddings, not exact string matching
- Voiceprint verification confirms the speaker's identity through vocal characteristics
- Magic link email fallback when voice authentication is unavailable
- Individual challenge pairs can be rotated if compromised
Security model
- No passwords are stored anywhere in the system
- Voice embeddings are stored as hashed vectors, not raw audio
- All biometric data is encrypted at rest and in transit
- Rate-limited to 3 failed attempts per hour
- Trust levels vary by method: high (voice), medium (text), medium (magic link)
- Designed with GDPR Article 9 biometric data compliance in mind
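The login flow from "How it works" and the lockout rule from "Security model", as an added TypeScript example that is not BridgeKeeper's own code. The 0.85 threshold, the in-memory failure map and all function names are assumptions; embeddings are passed in as plain number arrays instead of coming from Voyage AI or pgvector.

```typescript
import { randomInt } from "node:crypto";
const SIMILARITY_THRESHOLD = 0.85;   // assumed cutoff, not stated in the README
const MAX_FAILURES = 3;              // README: 3 failed attempts per hour
const WINDOW_MS = 60 * 60 * 1000;

// Partial Fisher-Yates with a CSPRNG: for n = 10, k = 3 each of the
// 10 * 9 * 8 = 720 ordered sequences is equally likely.
function pickChallenges(n: number, k: number): number[] {
  if (k > n) throw new Error("k must not exceed n");
  const idx = Array.from({ length: n }, (_, i) => i);
  for (let i = 0; i < k; i++) {
    const j = randomInt(i, n);       // uniform in [i, n), no modulo bias
    [idx[i], idx[j]] = [idx[j], idx[i]];
  }
  return idx.slice(0, k);
}

function cosine(a: number[], b: number[]): number {
  if (a.length !== b.length || a.length === 0) return 0; // malformed input never matches
  let dot = 0, na = 0, nb = 0;
  for (let i = 0; i < a.length; i++) {
    dot += a[i] * b[i];
    na += a[i] * a[i];
    nb += b[i] * b[i];
  }
  return na === 0 || nb === 0 ? 0 : dot / Math.sqrt(na * nb);
}

// Sliding one-hour window of failed attempts per account (hypothetical in-memory store).
const failures = new Map<string, number[]>();
function isLocked(user: string, now: number): boolean {
  const recent = (failures.get(user) ?? []).filter((t) => now - t < WINDOW_MS);
  failures.set(user, recent);
  return recent.length >= MAX_FAILURES;
}

// `issued` is the server's record of the challenges asked, so the client cannot
// pick which pairs to answer; one verdict hides which answer was wrong.
function verifyLogin(user: string, stored: number[][], issued: number[],
                     answers: number[][], now: number): "ok" | "denied" | "locked" {
  if (isLocked(user, now)) return "locked";
  let ok = issued.length > 0 && answers.length === issued.length;
  for (let k = 0; k < issued.length; k++) {
    const ref = stored[issued[k]];
    if (!ref || cosine(ref, answers[k] ?? []) < SIMILARITY_THRESHOLD) ok = false;
  }
  if (!ok) failures.set(user, [...(failures.get(user) ?? []), now]);
  return ok ? "ok" : "denied";
}
```

The lockout check runs before any similarity comparison, so a locked account gets no further scoring signal from the embeddings.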
Tech stack
Frontend
- Next.js 15
- React 19
- TypeScript
- TailwindCSS 4
- Zod
Backend
- Fastify 5
- TypeScript
- PostgreSQL 15
- Drizzle ORM
- Jose (JWT)
AI & Biometrics
- Voyage AI (embeddings)
- pgvector (similarity search)
- Voiceprint analysis
- Liveness detection
Tooling
- Turborepo
- Drizzle Kit
- Resend (email)