Authentication methods
Summary table
# | Method | Requirements | Usage | Security |
---|---|---|---|---|
1 | Universal web authentication with biometrics abilities | Device with biometric sensor or external token, modern browser | Convenient | Very high |
2 | Telegram Messenger | Smartphone application, internet access | Convenient | High |
3 | OTP token | External token | Depends on token | High |
4 | Google authenticator | Smartphone application | Less convenient | High |
5 | SMS | Smartphone | Less convenient | Medium |
Universal web authentication with biometrics abilities
Protocol suit: U2F (Universal Second Factor), UAF (Universal Authentication Framework), FIDO (Fast IDentity Online), CTAP (Client to Authenticator Protocol), gathered in the unique standard WebAuthn.
Standard operates directly from the browser without installation of the third-party software and drivers. Maintains biometric sensors and scanners, as well as external authentication devices, connected via USB, Lightning, NFC or Bluetooth, for example, RuToken U2F.
Universal authentication is maintained by the browsers Chrome, Safari, Firefox, Edge, Opera on the platforms Windows, Linux, macOS and Android.
Registration
The user shall be suggested to use a biometric sensor if it is available on his smartphone or laptop, either connect and activate an external token. Thereafter, Multifactor gets public keys of the devices and is able to use them for authentication.
Authentication
The user applies biometrics (fingermark, face scanner) or touches the external token — takes deliberate action.
Telegram Messenger
Telegram — one of the most convenient and secured messengers in the world, which operates even at an unstable internet connection.
Registration
For registration, the user will be suggested to open a special link on his smartphone with installed Telegram application. Thereafter, Multifactor Bot will be automatically added to the contact list. For the registration press the button "Start" in chat.
Authentication
The user receives the message from Bot with the request to confirm the action and with two buttons: confirm or cancel correspondently.
OTP Token
OTP token — the device to generate one-time access codes, usually in a form of breloque and which shows the figures on the screen, for example — Feitian c100 or in a form of USB flash drive, for example — RuToken OTP.
The second format is more convenient, as there is no need to enter the figures: the device is determined by the operating system as а keyboard and automatically enters the code in a focus field. On the other hand, the breloques with the screen do not require connection to a computer and operate independently.
Registration
To register OTP token it is required to download in Multifactor the device key and enter a one-time code. If required, Multifactor by itself can generate the device key for the further download in the token.
Authentication
The user shall enter a one-time access code, formed by the token.
Google Authenticator
Google Authenticator — is the most popular application for generating one-time access codes on smartphones Android and iOS. One can say, that this is a generic name of such authentication methods range. Besides Google Authenticator, the same function have Yandex.Key, Microsoft Authenticator, and other less known applications.
Registration
The user shall be suggested to launch Google Authenticator or Yandex.Key application, to scan QR code, containing the key of Multifactor system, and enter a one-time access code, generated by the application.
Authentication
For authentication, it is required to launch the application and enter the access code.
SMS
It is the most conventional method, which has been used in multifactor authentication systems for many years, it is considered as a deprecated method and is not secure enough, but it remains in Multifactor for the situations when the other methods are not applicable for various reasons. Of course, in personal account settings it can be activated for all users or definite groups.
Registration
For registration, the user will be suggested to enter a phone number and one-time code from SMS, sent by the Multifactor system.
Authentication
The user shall enter a one-time access code, received in SMS.