4 - How Modern MFA Works


A modern MFA solution enables users to authenticate to applications using multiple factors. Users simply install an app on their phone and self-register that device. Easy to set up and use, this type of MFA solution gives your users strong authentication for all of the apps they need, no matter where they are.

 

When governance policies dictate the need for strong authentication, the MFA service sends a notification to the user’s smartphone. If the user employs iOS or Android devices, the Apple or Android notification service sends this notification. This eliminates the cost of a voice call or SMS message. Upon receiving the notification, the user swipes his or her device to sign on and is authenticated.

 

 

If a user can’t get online but needs access to their device, offline modes can generate a one-time passcode (OTP). Alternatively, SMS, voice, email or a desktop application can deliver the OTP. YubiKey and other hard tokens can also be employed for sensitive environments or for users without mobile device or phone access.

 

Contextual MFA works in the background to develop an active and passive assessment of the user. This might include contextual, behavioral or correlative factors, including the geolocation, computing environment and nature of the transaction being attempted. The service collects data about the user to establish a typical behavioral profile. If the user’s behavior falls outside this profile, the service can step up authentication requirements to apply the correct level of security based on the associated risk.
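The step-up decision described above, as an added Python example that is not part of the original text or any vendor's implementation. The scoring weights, thresholds, 10% rarity cut-off, level names and sample sign-on history are all assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample history for one user: (country, device_id) per past sign-on.
HISTORY = [("US", "laptop-1")] * 18 + [("US", "phone-1")] * 6 + [("CA", "laptop-1")]

# Assumed risk weight per transaction type (nature of the transaction attempted).
SENSITIVITY = {"read": 0, "profile_change": 2, "wire_transfer": 4}


@dataclass
class Profile:
    """Typical behavioral profile: how often each context value was seen."""
    countries: Counter = field(default_factory=Counter)
    devices: Counter = field(default_factory=Counter)
    total: int = 0

    def learn(self, country, device):
        self.countries[country] += 1
        self.devices[device] += 1
        self.total += 1

    def rarity(self, counter, value):
        """0 = seen often, 1 = seen rarely (< 10% of sign-ons), 2 = never seen."""
        if self.total == 0 or counter[value] == 0:
            return 2  # no history at all is treated like an unseen value
        return 0 if counter[value] / self.total >= 0.10 else 1


def build_profile(history):
    profile = Profile()
    for country, device in history:
        profile.learn(country, device)
    return profile


def required_auth(profile, country, device, transaction):
    """Map contextual risk to the authentication level to demand."""
    # Unknown transaction types fail closed: scored as the most sensitive type.
    score = (profile.rarity(profile.countries, country)
             + profile.rarity(profile.devices, device)
             + SENSITIVITY.get(transaction, max(SENSITIVITY.values())))
    if score <= 1:
        return "primary_only"   # behavior matches the profile, no step-up
    if score <= 3:
        return "push"           # push notification approval
    if score <= 5:
        return "push+otp"       # push approval plus one-time passcode
    return "hard_token"         # highest risk: require a hardware token
```

Because the score adds transaction sensitivity to context rarity, a familiar device in a familiar country still triggers a step-up for a sensitive transaction, and a user with no history is never treated as low risk.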

 

Chapter 5