v4.0 Release Notes

We’re excited to share what we’ve been building. BlokSec v4.0 is a ground-up reimagining of our platform, touching every part of the experience for both administrators and end users. This release reflects over a year of focused engineering work, and we think you’ll notice the difference the moment you log in.

This document is designed to help you understand what’s changing, what’s improving, and what you and your users need to know as we prepare to roll out v4.0 across your organization.

Admin Console

Completely redesigned with on-demand reporting, richer user management, and streamlined workflows.

Authenticator App

Unified cross-platform app with location awareness, better backup/restore, and seamless upgrade from the old yuID app.

Login Experience

Modernized login flow with smoother QR scanning, better device support, and dark mode.

BlokSafe

New app launchpad and password manager for your users, secured by BlokSec authentication.

---

Admin Console

The admin console has been completely rebuilt from scratch. The old console served us well, but it was built on aging technology and lacked the depth of functionality that our growing customer base needs. The new console is faster, more intuitive, and significantly more capable.

On-Demand Reporting

One of the most requested features from our customers. You can now pull authentication reports directly from the console without needing to contact us.

• Request analytics with configurable date ranges (7 days, 30 days, 90 days, or custom)
• Geographic distribution showing where authentication requests originate, with country-level breakdown
• Peak usage analysis to help you understand authentication patterns across your organization
• CSV export for every report, so you can pull data into your own tools for compliance, audits, or internal reporting
• API log analytics with detailed inspection of individual requests, including HTTP status codes and response details

Screenshot pending

/screenshots/release-notes/v4/admin-request-analytics.png

Request analytics dashboard showing date range filtering, geographic distribution, and exportable data

On-demand reporting with geographic distribution and CSV export

User Management

Managing users is now significantly easier and more transparent.

• User-centric views let you see everything about a user in one place: which applications they have access to, what devices they’re using, and their account status across your organization
• Application-centric views flip the perspective, showing you exactly who has access to a specific application and their current status
• Streamlined account provisioning reduces the administrative burden of adding new users. The old workflow required multiple steps across different screens; the new process is consolidated and guided
• Device visibility shows you which mobile devices each user has registered, helping with support and security investigations
• User lifecycle management with clear status tracking (active, suspended, terminated) and the ability to manage transitions

Screenshot pending

/screenshots/release-notes/v4/admin-user-detail.png

User detail page showing accounts across multiple applications, registered devices, and status

Everything about a user in one place

Application Management

Setting up and managing SSO applications is more straightforward, with better support for different protocols.

• Template marketplace with pre-built configurations for common applications (Microsoft 365, Google Workspace, Salesforce, and more). Select a template and fill in just the details specific to your environment
• All four protocols supported with dedicated configuration forms: OpenID Connect (OIDC), SAML 2.0, WS-Federation, and Windows Passwordless Logon
• Per-application branding so each application can display your organization’s logo and colors during the login flow
• User provisioning integration with Microsoft Graph and Google Directory API for automated user sync

General Improvements

• Dark mode throughout the console
• Responsive design so you can check on things from your phone or tablet
• Faster page loads and smoother navigation
• Better error messaging with clear, actionable feedback when something goes wrong
• Confirmation dialogs for destructive actions to prevent accidental deletions

---

BlokSec Authenticator App

The mobile authenticator has been completely rewritten as a single, unified app. If you’ve been with us a while, you’ll remember that we previously had separate iOS and Android apps (under the “yuID” brand). Those are being replaced by a single app called BlokSec, available in both the App Store and Google Play.

What’s New

• Location awareness - When your users approve an authentication request, the app captures their approximate location and displays it on a map within the approval screen. This gives users additional context about where the login is being attempted, adding a layer of visual verification
• Better backup and restore - Users can create encrypted backups of their accounts as QR codes and restore them on a new device. The process is simpler and more reliable than before
• Account polling - In the old app, users received a separate invitation for each application they needed to access. In v4.0, users accept a single invitation to join your organization, and the app automatically discovers and adds their application accounts. This dramatically reduces the onboarding burden for both administrators and users
• Dark mode with full theme support
• Improved settings with device management, notification controls, and comprehensive account preferences

Screenshot pending

/screenshots/release-notes/v4/authenticator-approval.png

Authentication approval screen showing request details, account selector, and location map

Location-aware authentication approval

Upgrading from yuID

Seamless Upgrade

Users do not need to export, back up, or re-register. The upgrade is automatic.

We’ve put significant effort into making the upgrade path as painless as possible. Here’s what your users need to know:

1. Update the app from the App Store or Google Play. The new BlokSec app replaces the old yuID app through a standard store update
2. Launch the app after updating. The app will automatically detect their existing accounts and migrate everything behind the scenes
3. See a brief welcome screen introducing the new look and requesting any new permissions (like location access)
4. Continue as normal. All existing accounts, PINs, and settings are preserved. No re-enrollment required.

The migration handles both iOS (where keychain data persists across updates) and Android (where data carries over during in-place upgrades). Your users should not notice any disruption.

Single Codebase

Moving from two separate native apps (Swift for iOS, Java for Android) to a single React Native codebase means we can ship features and fixes to both platforms simultaneously. This reduces the window where iOS and Android users might have different capabilities, and it lets us move faster overall.

---

Login Experience

The login flow that your users see when authenticating to BlokSec-protected applications has been redesigned with a focus on clarity and speed.

What’s Changed

• Modern visual design using Material Design 3 components, replacing the older template-based approach
• Smoother QR scanning with improved camera handling, multi-camera support (front/back toggle), and audio feedback on successful scans
• Physical scanner support for environments where webcam-based scanning isn’t practical. Users can use a handheld barcode scanner as an alternative input method
• Dark mode that respects user and system preferences
• Better error states with clear messaging when something goes wrong during authentication
• Remembers preferences - the login flow remembers whether a user prefers camera scanning or a physical scanner, so they don’t have to choose every time

Protocol Support

All existing protocol integrations continue to work as before. The login flow supports OIDC, SAML 2.0, and WS-Federation with protocol-specific branding and return handling. If you have existing SSO integrations, they will continue to work without any reconfiguration.

---

BlokSafe

BlokSafe is a new application we’re introducing with v4.0. Think of it as a personal launchpad for your users, combining two things:

1. App launchpad - A single page where users can see and launch all their BlokSec-protected applications. No more bookmarking individual login URLs or remembering which portal goes where
2. Password manager - For applications that still require traditional passwords, BlokSafe provides secure storage, a password generator, and the ability to share credentials with team members

Key Features

• One-click launch for all BlokSec-protected applications from a single dashboard
• Search and favorites to quickly find the right application
• Secure credential storage for applications that still use traditional passwords
• Password generator with strength indicators
• Team sharing - share credentials with colleagues via email, with group-based access control
• Credential health monitoring to track password age and strength across stored credentials

Availability

BlokSafe is a new product and will be rolled out as part of your v4.0 deployment. We’ll work with you to determine the right timing for introducing it to your users.

Screenshot pending

/screenshots/release-notes/v4/bloksafe-launchpad.png

BlokSafe launchpad showing application cards with search, favorites, and one-click launch

All your apps in one place

---

Security and Infrastructure

While the user-facing changes are the most visible part of v4.0, we’ve also made significant improvements under the hood.

Cryptographic Improvements

• Upgraded encryption from AES-256-CBC to AES-256-GCM, which provides both confidentiality and integrity verification in a single operation
• Stronger key derivation using PBKDF2-HMAC-SHA256 with 200,000 iterations for PIN-based key unwrapping
• Dual-salt architecture for QR-based authentication. The QR code and the server each hold a separate salt, meaning that compromising either the QR code or the server database alone is not sufficient to reconstruct a user’s private key. Both are required, along with the user’s PIN
• Stable QR codes that don’t need to be reprinted when a user changes their PIN

Protocol Enhancements

• OIDC single logout - Users can now be properly signed out of all applications through RP-initiated logout
• SAML single logout - Support for both POST and redirect bindings
• Automatic consent - Removes unnecessary consent prompts during OIDC flows, reducing friction for returning users

API Security

• Signed API requests from the mobile authenticator. Every API call from the app is cryptographically signed using the user’s private key, proving the request originated from a legitimate device
• Per-request nonces prevent replay attacks
• Time-bounded tokens with 5-minute expiry windows

---

Preparing for v4.0

Here’s what you need to know from a change management perspective as we prepare to roll out v4.0 in your organization.

What Administrators Need to Do

Action Required

Administrators should familiarize themselves with the new console before the rollout. We will provide access to a staging environment so you can explore the new interface ahead of time.

• Familiarize yourself with the new admin console. The layout and navigation are different from the old console. All the same functionality is available, but it’s organized differently. We recommend spending 15-20 minutes exploring the new interface before the switchover
• Review your user management workflows. The new console consolidates several previously separate screens into unified views. Your existing processes may benefit from streamlining
• Explore the new reporting features. If you’ve been requesting data exports from us, you can now pull that data yourself
• No SSO reconfiguration required. Your existing OIDC, SAML, and WS-Federation integrations will continue to work. Application configurations are preserved during the upgrade

What End Users Will Experience

• The authenticator app update is automatic. Users simply update the app from their app store. All accounts and settings migrate automatically
• The login page looks different. The visual design of the login flow has changed, but the process is the same: enter your email, scan the QR code, enter your PIN. Consider sending a brief heads-up to your users so they’re not surprised by the new look
• BlokSafe is new. If you choose to enable BlokSafe for your users, they’ll have access to the app launchpad and password manager. We recommend introducing this in a phased rollout, starting with a pilot group

Suggested Communication to Your Users

Here’s a template you can adapt for your organization:

Subject: BlokSec is getting an upgrade

We’re upgrading our BlokSec passwordless authentication system to version 4.0. Here’s what you need to know:

• Update your authenticator app when prompted by the App Store or Google Play. The app will handle everything automatically - no action needed on your part beyond installing the update.
• The login page has a new look. The process is the same (email, scan, PIN), but the page design has been refreshed.
• You may notice a new app called BlokSafe becoming available. We’ll share more details about that separately.

If you run into any issues after the update, contact [your IT support channel].

Timeline

We will work with you to schedule the rollout at a time that works for your organization. The upgrade can be performed with minimal disruption, and we will be available to support you throughout the process.

---

Questions?

If you have questions about v4.0 or want to discuss the rollout plan for your organization, reach out to your BlokSec account representative or contact us at support@bloksec.io.