
Low cost multi-factor authentication using mobile phones


Bravura Security Fabric supports low-cost, multi-factor authentication into its own request portal, using a smart phone as a secondary authentication factor.

This solution is implemented using two technologies included with Bravura Security Fabric:

  1. Managed enrollment, which automatically invites users to:

    • Provide their mobile phone number; and/or

    • Provide their personal email address; and/or

    • Install the Bravura One app on their phone.

  2. Once users have enrolled, the login process proceeds as follows:

    1. If the user connects from outside the private/secure corporate network, start with a CAPTCHA.

    2. Next, prompt for the user’s login ID.

    3. Fingerprint the user’s browser – if the indicated user has signed on successfully from the same browser before, this fact can act as an unobtrusive authentication factor.

    4. If the user connects from a browser or location not seen before, prompt for another factor, which may be any of the following:

      • If the user has been activated to use a third-party MFA technology, such as a one-time password token (e.g., RSA SecurID) or a third-party app (e.g., Duo Security, Okta Verify), use that.

      • If the user had previously installed Bravura One on their phone, either use push notification to display a PIN on their phone or display a cryptographic challenge in the login screen as a QR code, which the user scans with the app.

      • If the user had previously enrolled their mobile phone number, send a PIN to the user’s phone via SMS and prompt the user to enter it.

      • If the user had previously enrolled their personal email address, send a PIN to that address, on the assumption that the user has email access on their phone.

    5. Users may be prompted to select one of several MFA options or one of several alternatives for the same option (e.g., send a PIN via SMS to one of multiple mobile numbers or email addresses).

    6. Finally, depending on whether the user remembers their password, prompt the user to enter it or answer a series of security questions. Using a second, “knowledge” factor reduces the risk of compromised authentication due to lost or stolen phones or hardware tokens.
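The login sequence above can be modeled as a small decision function, which makes the step-up logic easy to review and test. This is an added illustration, not Bravura Security Fabric code: every class, field and step name is hypothetical, and denying the login when an unknown browser has no enrolled factor is an assumption, since the page does not cover that case.

```python
from dataclasses import dataclass, field

@dataclass
class Enrollment:                      # hypothetical model of what a user enrolled
    third_party_mfa: bool = False      # hardware token or third-party app
    bravura_one_app: bool = False
    mobile_numbers: list = field(default_factory=list)
    personal_emails: list = field(default_factory=list)

@dataclass
class LoginContext:                    # hypothetical model of one login attempt
    on_corporate_network: bool
    known_browser_and_location: bool   # fingerprint matched an earlier successful login
    remembers_password: bool

def second_factor_options(e: Enrollment) -> list:
    """Every extra factor the user can be offered, in the order the page lists them."""
    options = []
    if e.third_party_mfa:
        options.append("third_party_mfa")
    if e.bravura_one_app:
        options += ["app_push_pin", "app_qr_challenge"]
    options += [f"sms_pin:{n}" for n in e.mobile_numbers]
    options += [f"email_pin:{a}" for a in e.personal_emails]
    return options

def plan_login(ctx: LoginContext, e: Enrollment) -> list:
    """Return the ordered prompts for one login attempt (steps 1 to 6 above)."""
    steps = []
    if not ctx.on_corporate_network:
        steps.append("captcha")                      # step 1
    steps += ["login_id", "fingerprint_browser"]     # steps 2 and 3
    if not ctx.known_browser_and_location:           # step 4
        options = second_factor_options(e)
        if not options:
            # Assumption: fail closed instead of silently skipping the factor.
            return steps + ["deny"]
        # Step 5: several options or several targets, so the user chooses first.
        steps.append("choose_factor" if len(options) > 1 else options[0])
    # Step 6: the knowledge factor is always required.
    steps.append("password" if ctx.remembers_password else "security_questions")
    return steps
```

Note that the recognized-browser path still ends with the knowledge factor: the fingerprint only replaces the phone-based prompt, never the password or security questions.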

See Mobile Access for detailed information about installing and configuring Bravura One.