codeb.io

What It Is

CodeB’s core product, Credential Provider V2, is a localized MFA/passwordless credential provider for the Windows logon screen. It strengthens sign-in with NFC cards, TOTP, X.509 PKI smart cards, or USB Tokens. It can be used as a second factor on top of passwords, or as a direct password replacement, covering local accounts, Active Directory, Entra ID, and hybrid environments. It supports Windows 8 through Server 2025.

Core Capabilities and Deployment

Its biggest differentiator is that it is “cloudless”: there is no SaaS control plane, no internet requirement, and no CodeB telemetry. It can operate in air-gapped or one-way isolated networks such as hospitals, OT environments, manufacturing lines, and defense laboratories. Deployment is primarily based on a credential provider DLL and policy templates, which can be pushed via command line, Group Policy, or registry tools. It does not require directory schema changes or agents installed on domain controllers. The Admin CLI supports bulk card issuance, binding cards to AD users, reverse lookup, and card revocation, making it suitable for scaling from pilots to hundreds of endpoints.

Compliance, Management, and Integration

The product is clearly positioned for regulatory pressure scenarios such as NIS2, DORA, IEC 62443, and the EU CRA, and it emphasizes that FIPS 140-2 can be enforced through Windows Group Policy. All logon, lock, and unlock events are written to the standard Windows Event Log, making auditing straightforward. For shared Windows accounts, the NFC card ID can also be appended to the Office author name, enabling attribution for edits in Word, Excel, and PowerPoint. On the integration side, it supports MIFARE/DESFIRE, RFC 6238 TOTP, PKI, Edge/Chrome Web SSO extensions, and plugin-based custom workflows.

Pricing, Pros, and Cons

The page only mentions that users can request an evaluation key and view pricing; it does not disclose specific pricing details. The advantages are offline availability, strong fit for legacy and hybrid Windows environments, a broad choice of authentication media, a clear audit trail, and fairly direct engineering support commitments. The downsides are its relatively narrow focus—mainly solving Windows logon rather than full IAM—while pricing, Chinese-language support, and payment methods are not publicly disclosed. NFC/PKI rollout also depends on an organization’s card issuance and operations maturity.

Who It’s For and Access from China

It is especially well suited to shared workstations in healthcare, manufacturing MES/HMI environments, the public sector, finance and legal organizations, critical infrastructure, and European regulated organizations that require local data sovereignty. The source text does not provide information on access from China, so this remains unknown. If procurement is affected by network access, payments, or local service availability, it may be worth comparing Microsoft Windows Hello for Business, Duo, Yubico, as well as domestic identity authentication and endpoint security vendors.