Enabling 2FA on Your Mobile App in Compliance with SCA PSD2
First published: 16/12/2019
updated: 01/12/2022
Ben Ogie
What is two-factor authentication (2FA) and how does it protect your users? Read this week's post to better understand how the Okay solution meets all authentication requirements safely and securely.
What is 2FA?
2FA refers to two-factor authentication, where two factors are verified in order to authorise a user’s action or authenticate the user. The 2FA authentication/authorisation mechanism adds another layer of security to your app, thereby reducing the risk of authorising malicious users.
The two factors used in 2FA can be any two of the following:
- Knowledge
- Inherence
- Possession
The Knowledge factor refers to something the user knows, such as a PIN or password; the Inherence factor refers to biometrics (metrics that belong distinctively to the user's inherent self); and the Possession factor is something the user owns.
Increasing the required factors from one to two makes it harder for attackers to access sensitive data or resources if one factor has, by chance, been compromised.
How Okay Provides 2FA Support
With Okay, you can add an additional layer of security to your apps without having to write or manage the security requirements needed for a secure and trusted transaction. Since the knowledge factor is the basic form of authentication, we will only discuss the other two factors here.
Possession Factor:
Every user enrolled with Okay has a unique identifier that allows us to identify each user and their device. This means that no device other than the one enrolled when the user first registered with your app can be used to authorise transactions. If the user changes device, Okay updates the user's information to match the current device and ignores any previously enrolled devices.
Inherence Factor:
Okay allows you to add an inherence factor to your authorisation flow by allowing the user to authorise the transaction with biometrics. This could be a fingerprint scanner, face ID, or any form of biometrics available on the user’s mobile device.
Typical Use Cases/Scenarios
User Login
If a user wants to log in to a protected account with Okay 2FA enabled, the user is required to enter a unique PIN on their mobile device, or to use biometrics (such as the device's fingerprint scanner), to authorise the login. This provides the assurance the user needs that they alone can log in to that account.
Verifying OTP for Payments
Sending OTPs via SMS is not very secure and is vulnerable to attackers. Okay handles encryption and secure display of sensitive data by providing facilities for users to authorise transactions using an OTP delivered from your app's server/backend to the user's mobile device. This is done through multiple integrity checks that keep the transaction secure and untampered with.
This level of security is provided through Okay's code obfuscation and just-in-time code delivery, each of which makes it difficult for malicious actors or malware to intercept transactions.