|1||Universal web authentication with biometrics abilities||Device with biometric sensor or external token, modern browser||Convenient||Very high|
|2||Telegram Messenger||Smartphone application, internet access||Convenient||High|
|3||OTP token||External token||Depends on token||High|
|4||Google authenticator||Smartphone application||Less convenient||High|
Universal web authentication with biometrics abilities
Protocol suit: U2F (Universal Second Factor), UAF (Universal Authentication Framework), FIDO (Fast IDentity Online), CTAP (Client to Authenticator Protocol), gathered in the unique standard WebAuthn.
Standard operates directly from the browser without installation of the third-party software and drivers. Maintains biometric sensors and scanners, as well as external authentication devices, connected via USB, Lightning, NFC or Bluetooth, for example, RuToken U2F.
Universal authentication is maintained by the browsers Chrome, Safari, Firefox, Edge, Opera on the platforms Windows, Linux, macOS and Android.
The user shall be suggested to use a biometric sensor if it is available on his smartphone or laptop, either connect and activate an external token. Thereafter, Multifactor gets public keys of the devices and is able to use them for authentication.
The user applies biometrics (fingermark, face scanner) or touches the external token — takes deliberate action.
Telegram — one of the most convenient and secured messengers in the world, which operates even at an unstable internet connection.
For registration, the user will be suggested to open a special link on his smartphone with installed Telegram application. Thereafter, Multifactor Bot will be automatically added to the contact list. For the registration press the button "Start" in chat.
The user receives the message from Bot with the request to confirm the action and with two buttons: confirm or cancel correspondently.
OTP token — the device to generate one-time access codes, usually in a form of breloque and which shows the figures on the screen, for example — Feitian c100 or in a form of USB flash drive, for example — RuToken OTP.
The second format is more convenient, as there is no need to enter the figures: the device is determined by the operating system as а keyboard and automatically enters the code in a focus field. On the other hand, the breloques with the screen do not require connection to a computer and operate independently.
To register OTP token it is required to download in Multifactor the device key and enter a one-time code. If required, Multifactor by itself can generate the device key for the further download in the token.
The user shall enter a one-time access code, formed by the token.
Google Authenticator — is the most popular application for generating one-time access codes on smartphones Android and iOS. One can say, that this is a generic name of such authentication methods range. Besides Google Authenticator, the same function have Yandex.Key, Microsoft Authenticator, and other less known applications.
The user shall be suggested to launch Google Authenticator or Yandex.Key application, to scan QR code, containing the key of Multifactor system, and enter a one-time access code, generated by the application.
For authentication, it is required to launch the application and enter the access code.
It is the most conventional method, which has been used in multifactor authentication systems for many years, it is considered as a deprecated method and is not secure enough, but it remains in Multifactor for the situations when the other methods are not applicable for various reasons. Of course, in personal account settings it can be activated for all users or definite groups.
For registration, the user will be suggested to enter a phone number and one-time code from SMS, sent by the Multifactor system.
The user shall enter a one-time access code, received in SMS.