Product Updates

Introducing New Multi-Factor Authentication Methods [Video]

Introduction

Multi-factor authentication (MFA) is becoming increasingly important for B2B applications as security threats continue to rise. By employing multiple forms of authentication, B2B companies can greatly reduce the risk of unauthorized access and data breaches.

Today, we are pleased to introduce three new multi-factor authentication (MFA) methods to enhance the security of your user’s accounts and improve user experience. These new MFA options include:

  • SMS notifications: Users can now receive a text message on their phone with a code to verify their identity.
  • Built-in authenticators (WebAuthn): We now support Touch ID and Windows Hello for Apple and Windows devices, respectively, making it easier for users to quickly and securely access their accounts using biometrics.
  • Security keys (WebAuthn): We now support roaming authentication methods like USB keys and mobile devices.

What is MFA?

Multi-factor authentication (MFA) is a security measure that requires a user to provide multiple forms of identification to access a system or service. This is done to ensure that only authorized individuals are able to access sensitive information and prevent unauthorized access.

In the context of B2B SaaS, MFA is an important security measure as it helps to protect both the software provider and the end-user by ensuring that only authorized individuals have access to the software and data. MFA can be implemented through a variety of methods, but what they all have in common is that they add an extra layer of security to the login process, thus making it harder for hackers to gain unauthorized access.

MFA factors explained

There are several kinds of multi-factor authentication factors that can be used to protect company data and systems. The most common methods include biometrics, hardware tokens, one-time passwords, SMS authentication, and email authentication.

The best way to explain these methods is by grouping them into three main categories, or factors:

  1. Knowledge-based factors: These factors are based on something the user knows, such as a password or a personal identification number (PIN). This type of MFA is considered the least secure because it can be easily guessed or stolen.
  2. Possession-based factors: These factors are based on something the user has, such as a security token or a mobile device. This type of MFA is considered more secure than knowledge-based factors because it requires the user to physically have the device in order to access the system. 
  3. Inherence-based factors: These factors are based on something the user is, such as a fingerprint or a facial recognition. This type of MFA is considered the most secure because it is unique to the user and cannot be easily replicated. Built-in authenticators, such as Touch ID and Windows Hello, use biometric data, such as fingerprints or facial recognition, to verify the user’s identity.
    To use these authenticators as an MFA factor, the user must first set up the biometric data on their device. Once set up, the user can use their fingerprint or facial recognition to access the system instead of a password or PIN.

How to enable MFA with Frontegg

Using the Frontegg Dashboard, you can easily configure MFA for your application by selecting the MFA flow that best suits your needs. In the Builder screen, go to App Settings > Authentication & Security > MFA section.

The first thing you’ll need to do is to define how MFA should be offered to users – MFA can be either forced on users or optional, depending on the level of security you wish to enforce in your application. There’s also an option to force MFA but to exclude users who use SSO as their authentication flow. This is because both login flows provide a similar protection for scenarios where the risk is high, and there’s no need for an end-user to use additional authenticators on top.

Next, you can choose the methods you want to offer your users when they define their own MFA flow. We recommend enabling all methods to provide users more options and flexibility.

And finally, your users will now be able to configure their preferred MFA methods by themselves. Once they’re logged in, they can simply go to Admin Portal > Privacy and Security where they will see all the MFA options you enabled for them.

Choosing any of these options will prompt a different self-served setup process for the user. It should be noted that if MFA is forced on a user, they will have to set up MFA on their first login. 

In this case, they will only be able to set up an authenticator app, SMS, or a security key, as these aren’t device specific methods. Once they do, they’ll also have the option of adding built-in authenticators on top of that.

MFA is available as part of Frontegg’s Growth and Custom plans. Visit our Pricing page for more details.

Summary

In conclusion, MFA can provide a range of benefits that can greatly enhance security, convenience, and ease of use.

One of the most obvious benefits of using the new MFA factors is the improved user experience, and ease of use they provide users when accessing their accounts. For example, built-in authenticators such as Touch ID or Windows Hello allow users to access systems quickly and easily, without having to enter a password or PIN.

We encourage all of our users to give these new MFA options a try and improve the overall login experience of their applications. If you have any questions or need assistance setting up these new options, please reach out to our customer support team.