inWebo 2-Factor Authentication Scenario (aka MFA)
The authentication server verifies 2 different pieces of information
“2-factor” literally means that 2 different pieces of information are checked when someone tries to sign in to Mark’s account protected by inWebo MFA, or tries to make a high-value transaction on Mark’s behalf:
- That this person has access to one of Mark’s trusted devices at the time of access. A device is trusted to belong to Mark by inWebo if it has been enrolled and contains some data that have been linked to Mark’s profile (device credentials)
- That this person knows Mark’s secret PIN or is able to pass a challenge from a biometric sensor initialized with Mark’s data
If the person trying to access Mark’s account can provide these 2 pieces of information, there’s a very high chance that this person is indeed Mark trying to access his account. Actually, the pieces of information are not transferred to inWebo authentication server, only a cryptographic proof – a one-time hash code – is transferred. Both pieces of information are verified at the same time by inWebo. In this mode, the authentication process is entirely delegated to inWebo, therefore you no longer need to store Mark’s credentials in your system.