Multi-Factor Authentication

Multi-factor authentication
for airtight security

How can you be sure someone is who he claims to be? By asking for more proof. Passwords are easily compromised and are no longer enough. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber attack. Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to applications or resources.

 

Multi-Factor Authentication explained

With the rising number of cyberthreats and frequent cases of password theft, consumers have become keenly aware of cyberthreats. Above all, they want organizations to protect their credentials and data. MFA delivers an extra layer of protection on top (or in replacement) of the commonly used authentication method of the username/password combination. In MFA, different authentication factors are combined: knowledge factors (something you know), possession factors (something that you and only you have) and inherence factors (something the user is). These factors are sometimes further combined with the login context, for instance the location or the network context.

While it is relatively easy for cybercriminals to get hold of passwords, the chance that a second or a third factor is also discovered and used by hackers is smaller. One-size authentication is definitely something of the past. As we all know, one size does not fit all, one-size fits none.

Multi-factor authentication opens the path to the ultimate dream of passwordless authentication, delivering a better customer experience.

How TrustBuilder differs for MFA

Both the architecture of TrustBuilder ID Hub and its tooling make it perfectly suited for your MFA project.

Authentication method support

TrustBuilder ID Hub supports all authentication methods that can be used in MFA: username/password, one-time passwords, certificates, etc. Because of our support of attribute-based access control (ABAC), we can use step-up authentication for a higher level of security using ABAC rules.

Customer journey support

TrustBuilder ID Hub ensures security and user experience throughout the customer journey. Through its graphical user interface, TrustBuilder Workflow Editor lets administrators easily set up context-based policies that request extra authentication when necessary.

The key factors in MFA

MFA happens through a combination of one or more factors: knowledge factors, possession factors and inherence factors.

Knowledge factors

A knowledge factor is something you know. This can be a password, the most commonly used method for authentication. A password is supposed to be secret, but many people are sloppy in password management. Other knowledge factors are PIN numbers, which are also supposed to be secret. ‘Birth date’ or ‘Place you are born’ are knowledge factors too, but can hardly be called secret, as this can be discovered using public/private databases or through social engineering.   

Possession factors

A possession factor is something you and only you have. This can be your mobile phone (for instance using a mobile app), a hardware token, a one-time password you receive (through an SMS, a voice application or a soft token). Possession factors rate high in security but have the disadvantage that you can lose or forget them, so you need a backup plan.

Inherence factors

An inherence factor is something you are. Biometrics such as fingerprints or face recognition have grown widely in popularity (just think of the way you log in to your smartphone) and have increasingly become more accurate. Biometrics is quickly becoming the de facto standard for passwordless authentication on personal mobile phones.

Advantages of Multi-factor Authentication

As organizations move forward in their digital transformation, better security becomes all the more important. MFA helps companies in many ways and accelerates the digital transformation. 

MFA improves security

While it may be relatively easy for cybercriminals to find the password that matches a username, adding extra elements like a one-time password or biometric verification of a certificate definitely increase security. This makes MFA especially useful to enforce governance.

MFA enhances user experience

Contrary to what you might think, user experience might be improved by offering MFA. By taking away the hassle of passwords, and offering other options (QR codes on a mobile, biometrics), you are offering customers passwordless authentication schemes.

MFA reduces admin cost

By decreasing the use of passwords in favor of other authentication methods, the helpdesk will spend less time resetting passwords. In TrustBuilder ID Hub, MFA is so easy to set up that changes in the customer journey are easy to implement, virtually without coding, thanks to the graphical user interface.

Mobile MFA

Ever more people are using their mobile devices to perform financial and other transactions. This necessitates the right level of security. TrustBuilder delivers a mobile solution that provides the highest possible security.

Customer onboarding

Mobile MFA with TrustBuilder is ideal to provide an easy enrolment process when registering a mobile device as authenticator and using Mobile-as-a-Token afterwards.  Our mobile solution provides a simple enrolment by delivering a QR code. Customers can scan the QR code with their personal phone or tablet and provide a PIN or fingerprint for MFA.

Highest possible security

Our mobile solution offers the highest security in the market, with strong security based on state-of-the-art cryptography. Users can securely log in to your web portal or in-app without the hassle of a password or even a username.

eSigning

Signing of transactions and documents online needs to be compliant with legal requirements. The eSigning solution that TrustBuilder proposes is compliant with the requirements for Strong Customer Authentication in PSD2 and for advanced electronic signatures (eIDAS).

Using TrustBuilder to sign documents and transactions on mobile devices makes these signatures lawful and court-admissible and delivers strong non-repudiation.

How to implement MFA

TrustBuilder makes implementing Identity and Access Management capabilities such as Multi-factor authentication as easy as possible. We built in connections to Identity Providers and Service Providers so you don’t need to customize these. We equipped the Workflow Engine with a Graphical User Interface that allows you to build customer journeys adapted to your business goals. Our platform conforms to all standards and our industry experience will help shorten time-to-market of your solutions.

Interested in more implementation info?
Check out our long read on the 5 keys to a successful implementation of your IAM 

MFA illustration