Scroll to see frequently asked questions or navigate to a specific question from the list below:
- What is Silent MFA?
- How does Silent MFA work?
- What are the authentication options with Silent MFA?
- How do I enable Silent MFA for my customers?
- What if my customers are using biometrics to authenticate?
- Can our customers use mobile apps or do they need to use a computer?
- Why would I implement Silent MFA over current methods or methods provided by my CIAM?
- What is the difference between a Passkey and Haventec Silent MFA?
- If I implement Haventec Silent MFA, do I still need to send my customers an SMS when they sign in?
- Is an authenticator application required with Silent MFA?
- Does the Haventec Silent MFA solution include device binding?
- Does Silent MFA derive its rolling keys from the password?
- How are users verified as authorised users?
- Does Haventec Silent MFA distribute the public and private key pairs to the enterprise and user's device?
- Does Haventec Silent MFA require the user to manage and take responsibility for the storage and protection of their private keys?
- Do I need to use my personal device to log in to a work application that is protected by Haventec Silent MFA?
- How does switching between end user devices affect user experience?
- How does Silent MFA weed out a fraudster on multiple devices?
- What if a 'man-in-the-middle' has taken over the end user's machine?
- How does Silent MFA work with shared devices?
What is Silent MFA?
Haventec Silent MFA is a secure multi-factor authentication method that leverages patented cryptographic processes and does not require customer effort. Your customers do not need to switch devices or applications for an additional authentication factor.
Customers simply enter their username and password like they do now. There are no one-time PINs, call or SMS messages, authenticator apps, tokens, smart cards, USB keys or QR codes.
That’s why it’s silent and entirely seamless.
_____
How does Silent MFA work?
Haventec Silent MFA adds seamless MFA protection to the authentication experience.
Your customers simply enter their username and password (just like they do now). Once the username and password are authenticated, an auth key and the device signature are used to create a private key that is matched against a public key.
The private key is not stored on the customer's device. Our rolling key technology ensures the private key is one-time use only and is created in real time for every authentication event.
What are the authentication options with Silent MFA?
Haventec Silent MFA is uniquely flexible and works on any device without interrupting the digital experience or introducing any change. It works seamlessly with your existing authentication workflow.
Haventec Silent MFA enables your organisation to set the right foundations for modern authentication using patented cryptography, and provides a clear pathway towards passwordless authentication.
How do I enable Silent MFA for my customers?
With Haventec Silent MFA you have the option to seamlessly onboard your entire customer base, or specific customer segments, without them having to go through additional verification. You also have the option to reverify customers using a simple one-time process.
What if my customers are using biometrics to authenticate?
Customers can still use biometrics at the authentication stage. Once this is successfully completed, Silent MFA will run and is independent of the authentication process.
Can our customers use mobile apps or do they need to use a computer?
Haventec Silent MFA is device and operating system agnostic and designed to work anywhere.
Why would I implement Silent MFA over current methods or methods provided by my CIAM?
Conventional MFA methods (such as SMS or email) provided by CIAM vendors have created a host of issues – ranging from a poor user experience to new types of security threats. Microsoft, for example, has urged its users to avoid call and SMS-based MFA because it is susceptible to compromise.
Conventional MFA methods provided by CIAM vendors also create a clunky user experience that can have a negative impact on corporate revenues, with a study by the FIDO Alliance finding that 58% of customers have abandoned a transaction due to difficulty signing in. According to the W3C, complicated authentication procedures can discriminate against up to 15% of the population with a commensurate reduction in that potential addressable market.
Haventec Silent MFA, on the other hand, provides seamless and secure MFA using patented cryptographic methods that work on any device and are completely invisible to the user.
What is the difference between a Passkey and Haventec Silent MFA?
While a Passkey provides a security uplift to traditional username and password based authentication, the onus is on the customer to set it up, which requires effort and some tech knowledge.
This is a key differentiator for Haventec Silent MFA where customers can be onboarded either silently, or by using a single-step secure onboarding process that works natively on any device.
For organisations, Silent MFA provides higher assurance by using rolling private and public keys that are never stored, as opposed to the static keys used by passkeys and stored on a customer’s device and in the cloud.
Finally, Haventec Silent MFA does not require any changes to an application or investment in infrastructure, while Passkeys require a WebAuthn server and enabling WebAuthn in an application.
If I implement Haventec Silent MFA, do I still need to send my customers an SMS when they sign in?
With Haventec Silent MFA, SMS notifications become obsolete and are replaced with Haventec’s patented cryptographic technology. This provides higher assurance at a lower cost and without customer effort.
Is an authenticator application required with Silent MFA?
Haventec Silent MFA does not require authenticator apps, one-time PINs, call or SMS messages, tokens, smart cards, USB keys or QR codes. That’s why it’s silent and entirely seamless.
Does the Haventec Silent MFA solution include device binding?
Device binding is the process of linking a token to a trusted device. Haventec Silent MFA stores a rolling Auth Key on a user’s device, which acts as a token that is used with the device’s signature to create a private key for each authentication event.
Does Silent MFA derive its rolling keys from the password?
The key pairs generated by Silent MFA are completely independent from the user's password. Once a username and password are authenticated using your existing workflow, a rolling auth key and the device signature are used to create a rolling private key that is matched against a rolling public key.
How are users verified as authorised users?
To activate Haventec Silent MFA for each new user or device, your organisation has the choice of sending a magic link, typically via email. The customer verifies ownership of the email address by clicking on the magic link. This is a one-time and optional event that organisations can use to onboard customers. Completing these steps verifies the customer as an authorised user.
Does Haventec Silent MFA distribute the public and private key pairs to the enterprise and user's device?
No. Distributing key pairs in this way introduces new risks, as key compromise can then occur in two places, which in turn introduces new key management costs to mitigate those risks. For enhanced security and cost management, Haventec Silent MFA does not store the private key anywhere.
Does Haventec Silent MFA require the user to manage and take responsibility for the storage and protection of their private keys?
No. For enhanced security and cost management, Haventec Silent MFA does not require users to store private keys on their devices.
Do I need to use my personal device to log in to a work application that is protected by Haventec Silent MFA?
No. Haventec Silent MFA does not require employees to use their personal devices to securely sign into corporate applications that are protected by Haventec Silent MFA.
How does switching between end user devices affect user experience?
Silent MFA allows users to have multiple devices. Each device has its unique Authkey and is authenticated independently of any other device. The number of allowed devices can be administratively controlled via the Haventec Console.
How does Silent MFA weed out a fraudster on multiple devices?
Silent MFA requires the user to verify each new device. Therefore a bad actor cannot log into an application protected by Silent MFA by simply using compromised credentials.
What if a 'man-in-the-middle' has taken over the end user's machine?
It is very challenging for any security solution to protect a compromised end user's machine. However, if this is of particular concern, then Silent MFA can be implemented with biometrics.
How does Silent MFA work with shared devices?
Haventec Silent MFA has been designed to allow multiple users to share a single device when logging in using separate profiles. Each user will have their own unique Authkey associated with the device.
If you would like to know more about Haventec Silent MFA, please contact us.