Create the strongest and most secure form of identity authentication by requiring users to provide more than one authentication factor to access an account.
The concept behind multi-factor authentication (MFA) is simple: rather than requiring a single, less-secure form of authentication (like a password), MFA layers multiple authentication steps together, like a password plus an SMS OTP (one-time password). By using more than one simple authentication method, a stronger, synergistic form of security is created.
Common authentication types include something the user knows (password or security question), something the user has (OTP or registered mobile device), and something the user is (biometric factors including face and voice). Due to their inability to be lost, replicated, or stolen, biometric factors, especially when used in combination as part of an MFA security approach, are the most secure factors that can be used to authenticate a user’s identity. They also provide greater ease-of-use.
A multi-factor authentication method that is familiar for many users is a combination of a card and a PIN. Financial institutions have been using this method for decades to secure ATM interactions. For online interactions, the most common example of MFA is a password with a secondary prompt that could range from OTPs (one-time passwords) delivered by SMS (text message), to an authentication code generated by an app, or, in some cases, to a physical token like a USB drive or FIDO security key, which is most often an external fob that stores security data.
A common secondary factor that, by its nature, is most often overlooked, is a registered device. The only time a user knows this factor is being used is when they get an email warning after logging in from a new device. A registered device is also known as a possession-based factor. These “invisible MFA” factors strike a powerful balance between increasing overall security and maintaining a low-friction user experience.
At Daon, our xAuth solution gives customers access to their choice of factors. The authentication tools in the xAuth portfolio span the MFA spectrum of device-based, web-based, and cross-channel authentication protocols, including FIDO UAF and FIDO2-certified biometric authentication, making it easy for organizations to verify users in a manner that best fits their business and customer needs. All of these factors can also be integrated with xFace and xVoice to provide the maximum level of identity security.