Multi-factor authentication (MFA) is a security mechanism that requires users to prove their identity using not just one but multiple factors – such as a one-time code sent via SMS or a fingerprint scan. Authentication using just a username and a password is vulnerable to security breaches because these credentials are frequently lost or stolen by cybercriminals.
Multi-factor authentication combines at least two of the following three factors. A combination of two factors is also referred to as 2FA.
Additional factors such as location and behaviour can increasingly be taken into account as well (see Adaptive authentication).
CIAM for high security is deeply rooted in our DNA. We also have many years of security experience in banking and finance. Consequently, the Nevis Security Suite covers all aspects of securing portals with strong authentication. Nevis not only offers off-the-shelf second-factor functions (one-time passwords, OATH/TOTP [Google Authenticator], Vasco Digipass, RSA SecurID, SMS TAN, email TAN), but also its own passwordless, mobile authentication solution combining security and user-friendliness.
When it comes to implementing authentication, companies often have to choose between ultra-secure multi-factor authentication sequences with high friction or a login scenario with low friction and minimal security. Adaptive authentication from Nevis solves this dilemma by letting you add or remove an authentication step dynamically during the login sequence depending on the underlying context information or business rules.
With the help of its flexible expansion points, Nevis can be integrated into many third-party and legacy MFA authentication solutions if required. The migration of legacy authentication methods is also possible.
With adaptive authentication, you no longer have to choose between security and user-friendliness. You can now react dynamically during the login process, depending on the underlying context information or business rules.
Adaptive authentication effectively combines your security requirements with an optimised user experience. For instance, a user who tries to access your services from an unknown device may receive a notification email about this new event. If the user logs in from a geographical location other than their place of residence, they may have to specify their second factor again. If the user logs in from a geographically restricted country, their login may even be denied due to geographical service restrictions.
During the login, Nevis automatically collects, analyses and evaluates different signals from the current user context – for example:
Based on these different inputs for every authentication, Nevis continuously builds a risk profile for the user. The system reacts to specific events and risk scenarios, for example a login from a new device, or two logins within a short time from locations that lie far apart from each other. You can then decide whether you wish to notify the user or require an additional means of authentication via multi-factor authentication.
Passwordless Authentication With Nevis
Humans are not capable of remembering hundreds of strong and secure passwords. Passwordless authentication is one way around this problem. Nevis offers passwordless authentication on every channel, every device and in every combination, and uses the biometric capabilities of modern smartphones to improve convenience and security for end users. A single tap is all that’s required to authenticate yourself using the combination «something that you have» (your smartphone) and «something that you are» (biometrics). This means that users can log in seamlessly and effortlessly regardless of where they are and which device they happen to be using.
Mobile Authentication With Nevis
Mobile authentication is the verification of a user’s identity involving the use of a mobile device and one or more authentication methods to guarantee secure access.
Using the biometric capabilities of modern mobile devices is a convenient solution for multi-factor authentication (MFA) to verify the identity of a person. It uses ownership of a mobile device as the first factor and the same device to check a unique biometric attribute as a second factor.
Our complete range allows companies to seamlessly implement mobile authentication experiences. The Access app and mobile SDK are based on the open FIDO-UAF standard. Here, we support different biometric authentication methods and fallbacks:
The Access app and the Nevis SDK support multiple accounts on a single device so that you can switch between your company account and your private account if necessary.
Integration in Your Business App
Integration in your business app offers you several advantages:
Our Mobile SDK for iOS and Android enhances your existing app by adding passwordless authentication functions or functions for signing transactions. The SDK is available for:
Don’t have an app? With Nevis, biometric authentication in the latest Android OS and iOS versions is supported directly in the mobile browser. You do not need an additional download or app and it works wherever one of the latest browsers is available.
Our Mobile SDKs and Access app are fully ‘hardened’ to protect the integrity of mobile devices and to detect if this integrity has been breached. This is an additional security level that makes mobile authentication more secure, even if a mobile device has been compromised.
The signing of transactions is a core requirement for a successful digital business. Conventional password flows are not suitable for signing transactions since they are unwieldy and are not legally permissible in some industries. The financial services industry requires that transactions be compliant with regulations such as PSD2 and SCA (strong customer authentication).
With Nevis, you can use the same methods for transaction signing that you also use for authentication purposes.
What You See Is What You Sign (WYSIWYS)
Nevis is certified for compliance with the FIDO-UAF standards, the gold standard for security in the financial services industry. With FIDO UAF, transaction signing is based on the concept of «What You See Is What You Sign» (WYSIWYS): the user signs the transaction message exactly as it is displayed, using a private key that is unlocked biometrically.
Dynamic linking covers an additional series of requirements that were introduced in the Regulatory Technical Standards (RTS) – the implementation guidelines for PSD2. Dynamic linking requires that an authentication code be unique for every transaction – meaning it can only be used once. Furthermore, it must be specific for the transaction amount and the recipient. Both the amount as well as the recipient must be clearly stated during authentication.
Implement transaction confirmations that comply with industry regulations such as PSD2 with dynamic linking:
Our solution offers multi-factor authentication with an authentication code (signed challenge) for confirming registration and the transaction. The challenge is long enough and randomly generated, so that collisions are virtually impossible, and the authentication code is only accepted once.
The elements used for multi-factor authentication are independent of one another.
Nevis guarantees the confidentiality of the authentication data: it is based on the FIDO-UAF standard (including public-key cryptography). Information such as the PIN, the user’s biometric characteristics or the private key never leaves the device.
TLS and mobile hardening also guarantee the confidentiality and integrity of the transmitted authentication data.
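As an added illustration of the WYSIWYS and dynamic-linking requirements described above (this is not Nevis code; the Ed25519 device key, the «|»-joined message format and the in-memory challenge store are assumptions of the example), the following Go program issues a per-transaction random challenge, signs it on the device side together with the displayed amount and recipient, and accepts the resulting authentication code only once and only for the amount and recipient that were issued:

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
)

type Transaction struct{ Amount, Recipient string } // fields dynamic linking binds the code to

// Server is the relying party: registered device key plus issued, unconsumed challenges.
type Server struct {
	pub     ed25519.PublicKey
	pending map[string]Transaction // deleted once its code is accepted: single use
}

// NewChallenge issues a fresh 32-byte random challenge bound to one transaction.
func (s *Server) NewChallenge(tx Transaction) string {
	c := make([]byte, 32)
	rand.Read(c) // OS CSPRNG; crypto/rand.Read cannot fail as of Go 1.24
	id := hex.EncodeToString(c)
	s.pending[id] = tx
	return id
}

// Message is the WYSIWYS text: the app displays exactly what the key signs.
func Message(challenge string, tx Transaction) []byte {
	return []byte(challenge + "|" + tx.Amount + "|" + tx.Recipient)
}

// Sign runs on the device; the private key never leaves it.
func Sign(priv ed25519.PrivateKey, challenge string, tx Transaction) []byte {
	return ed25519.Sign(priv, Message(challenge, tx))
}

// Verify accepts a code once, for an outstanding challenge with matching fields.
func (s *Server) Verify(challenge string, tx Transaction, sig []byte) error {
	issued, ok := s.pending[challenge]
	switch {
	case !ok:
		return errors.New("unknown or already used challenge")
	case issued != tx:
		return errors.New("amount or recipient differs from the issued transaction")
	case !ed25519.Verify(s.pub, Message(challenge, tx), sig):
		return errors.New("invalid signature")
	}
	delete(s.pending, challenge)
	return nil
}
```

A replayed code, a code presented for a different amount or recipient, and a signature made over altered fields are all rejected by Verify.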
Usernameless login is the next variant of seamless login. It allows you to log in without entering a username; you can even choose the account you want to log into directly in the app. The process is simple:
This is supported both by the Access app as well as by custom apps created using the mobile SDK.
Authentication that relies solely on usernames and passwords is insecure and vulnerable to hacker attacks. Authentication that uses multiple different procedures increases security significantly – without compromising usability.
By combining different authentication procedures, multi-factor authentication offers better protection against unauthorised access – after all, users are only too happy to bypass more complicated manual security measures.
Multi-factor authentication maximises usability because biometric processes such as facial recognition or typing behaviour analysis cost the user neither time nor effort.
The combination of multiple identification factors is a highly effective way to hamper identity theft. This is particularly important when it comes to sensitive operations such as payments or accessing confidential documents.
Thanks to the FIDO standard, multi-factor authentication provides for greater interoperability and enables greater flexibility and security.