User Opt-In Multi-Factor Authentication

The Curity Identity Server version 6.6.0 is fresh out of the build machines, and with it is a new powerful Authentication Action: Opt-in MFA. Our identity server has already had a plethora of multi-factor options from its inception, but up until this point, it has mainly been the administrator's responsibility to decide how and when multi-factor authentication (MFA) should take place.

Opt-in MFA changes this. Using the authentication action building blocks, the administrator can now configure the server with user flexibility in mind. Users can choose to protect their accounts at will by adding one or more authentication factors. Once added, the account is forever upgraded to use multi-factor authentication.

We've seen the MFA landscape change and become more mainstream over the last few years. Emerging technologies such as WebAuthn democratize owning a second factor as hardware vendors support built-in authenticators such as face and fingerprint scanners. Authentication apps are becoming more prevalent, but old-fashioned methods such as SMS are still excellent options to have as portable fallback mechanisms and account protections.

The Opt-in MFA action is one of the most advanced actions we have created and includes not only user opt-in steps but also user self-service options. This enables a user to add and remove factors when needed. And as always with Curity, any authenticator in the Curity Identity Server can be used as a second factor, combined with any first factor. The user can opt-in to protect the account with WebAuthn and add SMS as a convenient fallback.

We are looking forward to hearing your feedback about this new addition and hope that it will serve its purpose to make the Internet a safer place.

We'll discuss this feature and other approaches to multi-factor authentication in a webinar on December 9th — The Flavors of Multi-Factor Authentication — don't miss it!