Greater Security Through Combination

Multi-Factor Authentication (MFA)


What is MFA?

Multi-factor authentication (MFA) is a security mechanism that requests users to authenticate themselves using not just one but multiple identifiers – such as a one-time code sent via SMS or a fingerprint scan. Authentication using just a username and a password is vulnerable to security breaches because the credentials are frequently lost or stolen by cybercriminals.

Multi-factor authentication combines at least two of the following three factors. A combination of two factors is also referred to as 2FA.

  • Something that you know (knowledge): this is usually your account password but often also a one-time TAN or PIN number sent via SMS or email by a service provider or company.
  • Something that you have (possession): this usually refers to physical devices such as smartphones, smartwatches and hardware tokens.
  • Something that you are (a personal characteristic that is unique to you): biometric indicators such as fingerprints, facial features or iris scans are increasingly used for authentication since more and more devices have the technologies required to perform biometric scans such as Apple’s TouchID or FaceID.

Additional factors such as location and behaviour can increasingly be taken into account as well (see Adaptive authentication).

How Does Multi-Factor Authentication With Nevis Work?

CIAM for high security is deeply rooted in our DNA. We also have many years of security experience in banking and finance. Consequently, the Nevis Security Suite covers all aspects of securing portals with strong authentication. Nevis not only offers off-the-shelf second-factor functions (one-time passwords, OATH/TOTP [Google Authenticator], Vasco Digipass, RSA SecurID, SMS TAN, email TAN), but also its own passwordless, mobile authentication solution combining security and user-friendliness.

When it comes to implementing authentication, companies often have to choose between ultra-secure multi-factor authentication sequences with high friction or a login scenario with low friction and minimal security. Adaptive authentication from Nevis solves this dilemma by letting you add or remove an authentication step dynamically during the login sequence depending on the underlying context information or business rules.

With the help of its flexible expansion points, Nevis can be integrated into many third-party and legacy MFA authentication solutions if required. The migration of legacy authentication methods is also possible.

Adaptive Authentication

blue-plus blue-minus

With adaptive authentication, you no longer have to choose between security and user-friendliness. You can now react dynamically during the login process, depending on the underlying context information or business rules.

Adaptive authentication effectively combines your security requirements with an optimised user experience. For instance, a user who tries to access your services from an unknown device may receive a notification email about this new event. If the user logs in from a geographical location other than their place of residence, they may have to specify their second factor again. If the user logs in from a geographically restricted country, their login may even be denied due to geographical service restrictions.

During the login, Nevis automatically collects, analyses and evaluates different signals from the current user context – for example:

  • Your current location (geo-location)
  • Your travel distance (geo-speed) if you previously logged in from other locations
  • Your device with advanced fingerprint scan technology
  • Your intended action
  • Your source-IP reputation, based on external IP reputation services

Based on these different inputs for every authentication, Nevis continuously creates a risk profile for the user. The system reacts to specific events and risk scenarios, for example, to the logins from a new device or if logins are performed within a short time from locations separated from one another by long distances. You can then decide whether you wish to notify the user or provide additional means of authentication via multi-factor authentication.

Passwordless Authentication With Nevis

blue-plus blue-minus

Humans are not capable of remembering hundreds of strong and secure passwords. Passwordless authentication is one way around this problem. Nevis offers passwordless authentication on every channel, every device and in every combination, and uses the biometric capabilities of modern smartphones to improve convenience and security for end users. A single tap is all that’s required to authenticate yourself using the combination «something that you have» (your smartphone) and «something that you are» (biometrics). This means that users can log in seamlessly and effortlessly regardless of where they are and of which device they happen to be using.

Mobile Authentication With Nevis

blue-plus blue-minus

Mobile authentication is the verification of a user’s identity involving the use of a mobile device and one or more authentication methods to guarantee secure access.

Using the biometric capabilities of modern mobile devices is a convenient solution for multi-factor authentication (MFA) to verify the identity of a person. It uses ownership of a mobile device as the first factor and the same device to check a unique biometric attribute as a second factor.

Our complete range allows companies to seamlessly implement mobile authentication experiences. The Access app and mobile SDK are based on the open FIDO-UAF standard. Here, we support different biometric authentication methods and fallbacks:

  • Complete FaceID and TouchID support on Apple iPhone devices
  • Support for fingerprints and biometric input requests on Android devices
  • Secure PIN-based fallback methods if a user has not activated biometrics

The Access app and the Nevis SDK support multiple accounts on a single device so that you can switch between your company account and your private account if necessary.

Integration in Your Business App

blue-plus blue-minus

Integration in your business app offers you several advantages:

  • More responsive than a browser, which creates a native feeling for the end user
  • Greater security and fewer support calls thanks to a better-controlled end-user environment
  • Support for standardised transaction confirmations that the revised FIDO2 standard lacks

Our Mobile SDK for iOS and Android enhances your existing app by adding passwordless authentication functions or functions for signing transactions. The SDK is available for:

  • Native iOS/Android apps
  • Flutter
  • React Native


Don’t have an app? With Nevis, biometric authentication in the latest Android OS and iOS versions is supported directly in the mobile browser. You do not need an additional download or app and it works wherever one of the latest browsers is available.

Mobile hardening

Our Mobile SDKs and Access app are fully ‘hardened’ to protect the integrity of mobile devices and to detect if this integrity has been breached. It is an additional security level that makes mobile authentication more secure, even if a mobile device has been compromised.

Transaction Confirmation

blue-plus blue-minus

The signing of transactions is a core requirement for a successful digital business. Conventional password flows are not suitable for signing transactions since they are unwieldy and are not legally permissible in some industries. The financial services industry requires that transactions be compliant with regulations such as PSD2 and SCA (strong customer authentication).

With Nevis, you can use the same methods for transaction signing that you also use for authentication purposes.

What You See Is What You Sign (WYSIWYS)

blue-plus blue-minus

Nevis is certified for compliance with the FIDO-UAF standards, the gold standard for security in the financial services industry. With FIDO UAF, transaction signing is based on the concept of «What You See Is What You Sign» (WYSIWYS). The user signs a transaction message that is displayed with the help of a biometrically secured private key.

Dynamic Linking

blue-plus blue-minus

Dynamic linking covers an additional series of requirements that were introduced in the Regulatory Technical Standards (RTS) – the implementation guidelines for PSD2. Dynamic linking requires that an authentication code be unique for every transaction – meaning it can only be used once. Furthermore, it must be specific for the transaction amount and the recipient. Both the amount as well as the recipient must be clearly stated during authentication.

Implement transaction confirmations that comply with industry regulations such as PSD2 with dynamic linking:

Our solution offers multi-factor authentication with an authentication code (signed challenge) for confirming registration and the transaction. The challenge is sufficiently long and randomly generated as to render conflicts virtually impossible, and the authentication code is only accepted once.

The elements used for multi-factor authentication are independent of one another.

Nevis guarantees the confidentiality of the authentication data: it is based on the FIDO-UAF standard (including public-key cryptography). Information such as the PIN, the user’s biometric characteristics or the private key never leave the device.

TLS and mobile hardening also guarantee the confidentiality and integrity of the transmitted authentication data.

Usernameless Authentication

blue-plus blue-minus

Usernameless is the next variant of seamless logins. This allows you to log in without specifying a username. You can even choose the account you want to log into in the app. The process is simple:

  • Display a QR code or deep link
  • Open the Access app
  • Select the account to continue
  • Confirm using your biometrics (or PIN as a fallback)

That’s it!

This is supported both by the Access app as well as by custom apps created using the mobile SDK.


Do You Have Questions About Customer Identity and Access Management?

We’re here to help – with personal consultations, reliable support and smart solutions. We would be happy to show you the advantages of the Identity Suite from Nevis in detail.

Contact Us!

Advantages of Multi-Factor Authentication

Authentication that relies solely on usernames and passwords is insecure and vulnerable to hacker attacks. Authentication that uses multiple different procedures increases security significantly – without compromising usability.

Improved Security

By combining different authentication procedures, multi-factor authentication offers better protection against unauthorised access – after all, users are only too happy to bypass more complicated manual security measures.

Improved Usability

Multi-factor authentication maximises usability because biometric processes such as facial recognition or typing behaviour analysis costs neither time nor effort for the user.

Hampering Identity Theft

The combination of multiple identification factors is a highly effective way to hamper identity theft. This is particularly important when it comes to sensitive operations such as payments or accessing confidential documents.

Greater Flexibility

Thanks to the FIDO standard, multi-factor authentication provides for greater interoperability and enables greater flexibility and security.


Need more insights into multi-factor authentication?

Get comprehensive details on this topic in our free white paper.

Download White Paper