Human-Centric Authentication (HCA) is a framework that replaces passwords with the way humans actually identify each other: your face, your voice, and the context of your presence.
A man walks into his bank with a government ID, his account number, and his password. He logs in on his laptop in front of the teller. She can see his face. She can see his account. She knows who he is.
She cannot help him. The system requires a verification code sent to a phone he no longer owns. It takes thirty minutes for a person with four forms of identification to access his own money — because the system trusts a text message more than a human being.
Meanwhile, a small-town bank teller in Oakley, Kansas processes a $900 wire transfer based on five contextual signals: the caller's name, his voice, his father's presence at the bank that morning, the same wire recipient as last month, and community knowledge. No password. No code. No second device.
HCA digitizes the process the teller already uses. It does not invent a new model. It restores the one that worked before we replaced human judgment with password fields.
Nobody asks for your password when you arrive at a casino.
Las Vegas casinos and tribal gaming operations like the 7 Clans Casino in Oklahoma have deployed the most sophisticated real-time facial recognition, behavioral tracking, and contextual personalization systems in the world — for decades.
They know who you are the moment you walk in. They track your location across the floor. They model your behavior in real time. They use that model to dynamically adjust slot machine payout rates, time the arrival of free drinks to the exact moment your resolve weakens, and calibrate your emotional state so precisely that when you leave, you feel unlucky — not fleeced. You blame yourself, not the system. That is an engineered outcome.
The reason your bank still asks for a password is not that the technology doesn't exist. It is that nobody with the technology has had any incentive to use it for your benefit instead of theirs.
HCA uses the same signals — face, voice, behavior, location — and points them in the opposite direction. Instead of "how do we keep this person spending," it asks "how do we make sure this person is safe, recognized, and treated with dignity." Same technology. Same data. Opposite purpose.
The extraction economy and the dignity economy use the same tools. The only difference is which direction they point.
HCA authenticates the person, not a credential. Every login is simultaneously an identity check and a wellness check.
Your face is matched against the enrolled profile stored on your device. No data leaves the phone. No server is contacted. The system knows who is holding the device before you do anything.
You speak your name. Three things happen simultaneously: the system confirms a living human is present, your voice is matched as a second independent biometric, and stress markers are analyzed against your baseline. If you are under duress, the system knows — and responds according to your security tier.
Device fingerprint, location, time of day, and behavioral patterns produce a composite confidence score. Access is granted, challenged, or denied. The entire process takes under three seconds.
Built on FIDO2/WebAuthn. Passkeys handle the cryptography. HCA handles the humanity.
A delivery ride does not warrant the same friction as a wire transfer. HCA implements three tiers that scale authentication rigor to the value at risk.
Designed for everyday users. Face confirms identity. Spoken name confirms presence. The system learns your voice over time. For a $20 credit balance, this is proportional.
Face and voice are actively matched on every login. A pre-configured duress phrase grants restricted access while silently alerting a trusted contact. The attacker sees a normal login. Your people know something is wrong.
For journalists, activists, abuse survivors, and anyone facing active threats. Kill phrases can lock, wipe, or present a decoy environment. Processed entirely on-device. Invisible to an attacker.
Two independent biometrics. Zero typing. Duress detection is built into the normal flow.
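One way to implement the decision step described above, as an added example that is not code from ReachTech or the HCA papers: face, voice and context signals produce a composite confidence score, which is granted, challenged or denied against thresholds that tighten with the security tier. The weights, thresholds, biometric floor and all names are assumptions (the page publishes none), and the Tier 3 kill-phrase actions are not modelled.

```python
from dataclasses import dataclass

# Assumed weights and per-tier (grant, challenge) thresholds; not from the HCA papers.
WEIGHTS = {"face": 0.35, "voice": 0.30, "device": 0.15, "location": 0.10, "behavior": 0.10}
TIERS = {1: (0.70, 0.50), 2: (0.80, 0.60), 3: (0.90, 0.75)}
BIOMETRIC_FLOOR = 0.60  # assumed minimum match score for any required biometric


@dataclass
class Signals:
    face: float       # 0..1 similarity to the enrolled face template
    voice: float      # 0..1 similarity to the enrolled voice template
    device: float     # 0..1 context scores (device, location, behavior)
    location: float
    behavior: float
    liveness: bool    # a living human spoke the name
    duress_phrase: bool = False


def composite_score(s: Signals) -> float:
    """Weighted sum of all signals, in the range 0..1."""
    return round(sum(w * getattr(s, name) for name, w in WEIGHTS.items()), 4)


def decide(s: Signals, tier: int) -> tuple[str, list[str]]:
    """Return (decision, silent_actions) for one login attempt."""
    grant_at, challenge_at = TIERS[tier]
    if not s.liveness:
        return "deny", []
    # Context must never compensate for a failed biometric. Tier 1 requires
    # only the face match; tiers 2 and 3 actively match both face and voice.
    required = [s.face] if tier == 1 else [s.face, s.voice]
    if min(required) < BIOMETRIC_FLOOR:
        return "deny", []
    score = composite_score(s)
    if score < challenge_at:
        return "deny", []
    if score < grant_at:
        return "challenge", []
    # Duress is honoured only on an attempt that would otherwise be granted,
    # so the phrase alone grants nothing and the result is not a visible failure.
    if s.duress_phrase and tier >= 2:
        return "restricted", ["alert_trusted_contact"]
    return "grant", []
```

The biometric floor is the part a plain weighted sum gets wrong: without it, a perfect device, location and behavior score can lift an attempt with a poor face match over the Tier 1 threshold.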
Architecture, not policy. Face and voice embeddings live in the secure enclave. ReachTech servers never see your biometrics.
No credit cards. No SSNs. No ad profiles. Our data is relational context — it only has value to the people it belongs to.
A transparency dashboard shows exactly which signals contributed to your authentication. No covert collection.
No complexity requirements. Your password is yours. It exists for when biometrics are unavailable, not as the front door.
A 72-year-old. A blind user. A person whose faith prohibits photography. If any of them are excluded, we failed.
The HCA framework is documented in two companion papers. Document A presents the philosophical and economic case. Document B specifies the technical architecture.
HCA is a framework, not a finished product. We have published this specification as an open invitation to the digital security community — identity engineers, privacy advocates, security researchers, and anyone who believes authentication should feel like recognition, not interrogation.
We welcome critique, collaboration, and conversation. If you see a flaw, tell us. If you see a possibility, join us.
ReachTech Inc. — Wichita, Kansas
Justin Wieland, Founder & CEO
April 2026