Curity and MFA
Curity can help create secure multifactor authentication flows to fit a client’s specific security requirements. An authentication method in Curity is called an authenticator. Curity makes it possible to configure an infinite number of authenticators, either of the same type or of different types. These authenticators can be combined in various ways to create multifactor solutions and integrations.
Curity’s great flexibility permits a wide variety of approaches to MFA. But in principle, there are two main ways to create multifactor authentication flows.
One way is to set up a predefined flow. Although a predefined flow can be set up in various ways, once established it must be followed as laid out. The flow will proceed the same way every time. Such authentication flows can be thought of as “swim lanes” restricting the user to particular pathways. The predefined nature of such a flow does not mean the multifactor authentication provided is necessarily lacking in robustness, however. This approach can in fact be used to set up elaborate chains of authentications that can achieve a level of MFA not limited to two factors alone.
The other main way to create a multifactor authentication flow in Curity is to make the flow conditional. The conditions involved can be based on the client’s needs or even external circumstances such as a report of an attack that necessitates stepped up security measures. The key difference between this approach and the predefined approach is that a second factor can be conditional on almost anything a developer choses from user preference to time of day to location, etc. In short, just about any condition can be introduced into this type of authentication flow.
Provided that the administrator permits it, the client has many options concerning which flow to trigger among predefined and conditional flows. The administrator can provide a variety of flows to choose from and the client can then choose the desired flow and apply it. Or, alternatively, the user may chose his or her own flow, deciding, for example, whether to provide a second factor by, say, text message or email.
Depending on the approach chosen and the degree of security required, Curity can fine-tune multifactor authentication in an almost infinite variety of ways.