CodeB hardens Windows logon with NFC cards, TOTP codes, PKI smartcards and USB tokens — used as a second factor on top of the password, or replacing the password entirely. Roughly half of our customers run each pattern; policy decides which fits your environment. Works on local, Active Directory and Entra ID accounts from Windows 8 through Server 2025. Fully on-premises, no cloud or internet connection required. Air-gap deployable.
Most identity vendors assume a greenfield Entra ID environment. Regulated organisations rarely have that luxury. CodeB is built for the parts of your environment that still run Windows logon — be it local accounts or Active Directory — and have to keep running it, securely. We have been doing exactly this for over twenty years; CP V2 is the modern evolution of Aloaha Smartlogin, the credential provider Aloaha has built and supported since the early 2000s.
Every Windows workstation still authenticates with a username and password — whether it's an office desk, a civil-service terminal, a manufacturing line PC or a clinical workstation on a hospital ward. CodeB layers strong authentication over that existing credential model, in place, without rewriting the desktop and without moving identity to the cloud.
NIS2, DORA, the EU AI Act and sector-specific rules demand strong, attributable logon. Most companies cannot simply retire their historically-grown shared accounts. CodeB layers per-user authentication and auditing on top of those accounts, so every action remains attributable to a real person and your auditors get the evidence they recognise.
A nurse logging into a roving terminal cannot type a 16-character password fifty times a shift. Tap-and-go NFC and TOTP restore sub-second logon without trading away security.
CodeB is an EU product (Aloaha Limited, Malta) and runs entirely on your own infrastructure. The product never requires a cloud or internet connection to function. It deploys and runs on fully air-gapped defence networks, clinical OT segments and jurisdictions where data cannot leave the country. No customer data is ever stored or processed outside the EU — and because Aloaha Limited is an EU entity, the product is outside the reach of the US CLOUD Act and similar extraterritorial-disclosure regimes.
Selected deployments where Windows authentication is operationally critical and where regulators look closely at how identity is enforced at the endpoint.
Hospitals and clinics using shared workstations, contactless staff cards and roaming clinical sessions across wards.
NFC · PKI · roaming sessionsShop-floor terminals, MES stations and engineering workstations needing fast, attributable shift logon.
MES · OT · shift workersWindows-based HMIs inside printing presses, CNC machines, packaging lines and lab analysers — where operators and engineers need attributable logon on machines that run for fifteen years.
HMI · OEM machines · long-life WindowsFinance, legal, public sector and defence supply chains under NIS2, DORA or national equivalents.
NIS2 · DORANIS2 (Directive EU 2022/2555) classifies organisations across energy, transport, water, food, healthcare, manufacturing of essential goods, public administration, digital infrastructure and many other sectors as essential or important entities. Article 21 explicitly requires risk-managed authentication for every system that touches the operation. CodeB delivers exactly that — at the Windows logon screen, on-premises, with the audit trail your competent authority expects.
The CodeB Credential Provider V2 is a fully managed .NET implementation of Microsoft's ICredentialProviderCredential2 interface. Every supported token — NFC card, TOTP code, PKI smartcard or USB stick — can be deployed as a second factor alongside the existing password, or used to replace the password entirely. Both patterns are equally supported; in practice our customers split roughly 50/50 between them.
The Credential Provider V2 licence carries two add-ons that solve the next problems most customers run into after they've hardened workstation logon. Each is also available standalone.
One login. Every web app. No passwords exposed. A managed browser extension for Edge and Chrome that fills usernames, passwords and the 6-digit TOTP step on the way in — and signs users into legacy Windows and Java apps such as T2med — without ever exposing credentials to page JavaScript.
Read about Web SSODon't tidy your desktop. Replace it. One hotkey swaps your desktop files, icon layout and per-monitor wallpapers for a clean profile — perfect just before a Zoom or Teams screen share. Tap again to bring everything back exactly as you left it.
Read about Desktop SwitcherCodeB ships as a credential provider DLL and a small set of policy templates. No directory schema changes, no agents on the domain controller, no cloud dependency unless you want one.
Sign in once with your existing account. The installer registers the CodeB credential tile alongside the Microsoft password tile. Nothing is locked down yet.
Tap an NFC card, scan a TOTP secret with any compliant authenticator app, present a PKI smartcard, or plug in a USB key for evaluation. Multiple tokens per identity are supported.
Push the configuration to your Windows machines via Group Policy or the command line. Hide the Microsoft Password Provider via the built-in CodeB Credential Provider Filter so end users only see the CodeB logon tile.
Every logon, lock and unlock event becomes attributable to the token holder and is written to the standard Windows event log — replay-resistant, ready for any audit interview.
Every message to info@codeb.io lands in a real inbox watched by engineers. No AI auto-reply. No ticket queue to chase. Same working day in most cases, never later than the next.
Call our German lines in CET business hours and someone answers. No phone tree, no "press 1 for sales," no hold music. If we're with another customer, we call back the same day.
The person who reads your message is the person who can solve the problem, or who knows precisely who to bring in. No deflection into chatbots, no self-service mazes.
If CodeB isn't the right tool for your situation, we'll tell you so directly and point you somewhere that fits. Two decades of customers tell us that's why they stay.
Reply target: 1 business day · Phone hours: CET, Mon–Fri · Languages: English, German
Tell us about your environment — Windows mix, account model, token preferences — and we'll propose a pilot deployment within two business days.