Okay LogoOkay Logo

Enabling 2FA on your mobile App in compliance with SCA PSD2

19/12/2019

artifact

What is 2FA

2FA simply refers to two-factor authentication, where two factors are verified in order to authorize a user’s action or authenticate the user. The 2FA authentication/authorization mechanism adds another layer of security to your app, thereby reducing the risk of authorizing malicious users.The factors included in 2FA could be any of the following factors:

  • Knowledge

  • Inherence

  • Possession

The Knowledge factor refers to something the user knows, this could be a pin or password, while the Inherence factor and Possession factor refers to biometrics (metrics that distinctively belongs to the user’s inherent self) and something the user owns respectively.

By adding the extra factors it makes it harder for hackers to be able to access sensitive data or resources if one factor has been compromised.

How Okay provides 2FA support

With Okay you can add an additional layer of security to your apps without having to write or manage the needed security requirements for a secure and trusted transaction. Since the knowledge factor is the basic form of authentication we will just talk about the other two factors here.

Possession factor

Every user enrolled with Okay services has a unique identifier that allows Okay to clearly target each unique user and their device. This means that no other device can be used to authorize transactions other than the device that was enrolled when the user first registered with your app. If the user changes device, Okay updates the user’s information to match the current device and ignores other previously enrolled devices.

Inherence factor

Okay allows you to add this factor to your authorization flow by allowing the user to authorize the transaction with biometrics. This could be fingerprint scanners, face ID or any form of biometrics available on the user’s mobile device.

Typical use cases/scenarios

User Login

If a user wants to login into a protected account, with Okay 2FA enabled, the user would be required to enter a unique pin on their mobile device or use biometrics (which could be the fingerprint scanner on the device) to authorize the login. This provides the needed security, that allows users to be sure that they alone can login to that account.

Verifying OTP for Payments

The use of sending OTPs via SMS is clearly not secure and is vulnerable to hackers. Okay handles encryption and secure display of sensitive data. Okay provides facilities for users to authorize transactions using OTP that is being delivered from your app’s server/backend to your user’s mobile device, with multiple integrity checks that allow the transaction to remain secure and untampered with. This level of security is being provided with Okay code obfuscation and just in time code delivery that makes it difficult for malicious hackers or malware to intercept transactions.