Using a mobile application for user authentication is easier to deploy than hardware tokens or USB dongles.
However, this solution requires that all users have a smartphone and that they have installed and enabled the MFA application.
Visual Guard bypasses this problem and allows a wider adoption of strong authentication.
Rather than using a stand-alone token (Application or hardware) and having the user enter the OTP (one time password) into a desktop client, a mobile application or a browser page, the in-App MFA allows you to generate the OTP directly in the authentication interface.
This approach replaces the use of tokens, smartphones, soft-token and even short-text codes for authentication.
There are two methods to implement the in-APP MFA:
As the MFA library is integrated into the native or web application, there is nothing more to install by the user: no application, no plugin, no extension. This is why this mode is called "tokenless MFA".
The application, the client, or the browser must first be activated and linked to a user account.
The process is the same as with an authentication App or a hardware token. The application / client / browser literally becomes an authentication tool, storing the identity information that will be used for authentication (the "what I have" authentication factor). The MFA library manages this information on behalf of the application: transmission, communications with the authentication server, updates, protection and usage.
When connecting to the application via the App, the desktop client or the browser, the user is prompted to enter a password or biometric trait (or "nothing" in the case of a "2nd factor" scenario). The library uses this information and the identity information provided by the App / desktop client / browser to generate an OTP.
The OTP is used in the authentication request sent to the server by the application.
There is very little change for the user compared to a traditional, non-MFA authentication. Ease of use is one of the main advantages of in-App authentication.
Since OTPs are not displayed, the multi-factor authentication integrated into the application (in-App MFA) surprises because of its similarity to password authentication.
User experience is outstanding, but what about security?
To put it simply, it's exactly the same as the security of a 2FA (two-factor authentication) hardware or App token:
Unlike all other second-factor methods such as smart cards, hardware tokens, MFA applications or SMS, multi-factor in-App authentication - based on an App, a client or a browser - provides optimal security to any application without impairing the user's experience.