Silent MFA - Frequently Asked Questions

_____

 

What is Silent MFA?

Haventec Silent MFA is a secure multi-factor authentication method that leverages patented cryptographic processes and does not require customer effort. Your customers do not need to switch devices or applications for an additional authentication factor.

Customers simply enter their username and password like they do now. There are no one-time PINs, calls or SMS messages, authenticator apps, tokens, smart cards, USB keys or QR codes.

That’s why it’s silent and entirely seamless.


_____



How does Silent MFA work?

Haventec Silent MFA adds seamless MFA protection to the authentication experience.

Your customers simply enter their username and password (just like they do now). Once the username and password are authenticated, an auth key and the device signature are used to create a private key that is matched against a public key.

The private key is not stored on the customer's device. Our rolling key technology ensures the private key is single-use and is created in real time for every authentication event.


_____

 

What are the authentication options with Silent MFA?

Haventec Silent MFA is uniquely flexible and works on any device without interrupting the digital experience or introducing any change. It works seamlessly with your existing authentication workflow.

Haventec Silent MFA enables your organisation to set the right foundations for modern authentication using patented cryptography, and provides a clear pathway towards passwordless authentication.


_____

 

How do I enable Silent MFA for my customers?

With Haventec Silent MFA you have the option to seamlessly onboard your entire customer base, or specific customer segments, without them having to go through additional verification. You also have the option to reverify customers using a simple one-time process.


_____

 

What if my customers are using biometrics to authenticate?

Customers can still use biometrics at the authentication stage. Once this is successfully completed, Silent MFA will run and is independent of the authentication process.


_____

 

Can our customers use mobile apps or do they need to use a computer?

Haventec Silent MFA is device and operating system agnostic and designed to work anywhere.


_____

 

Why would I implement Silent MFA over current methods or methods provided by my CIAM?

Conventional MFA methods (such as SMS or email) provided by CIAM vendors have created a host of issues, ranging from a poor user experience to new types of security threats. Microsoft, for example, has urged its users to avoid call and SMS-based MFA because it is susceptible to compromise.

Conventional MFA methods provided by CIAM vendors also create a clunky user experience that can have a negative impact on corporate revenues, with a study by the FIDO Alliance finding that 58% of customers have abandoned a transaction due to difficulty signing in. According to the W3C, complicated authentication procedures can discriminate against up to 15% of the population with a commensurate reduction in that potential addressable market.

Haventec Silent MFA, on the other hand, provides seamless and secure MFA using patented cryptographic methods that work on any device and are completely invisible to the user.


_____

 

What is the difference between a Passkey and Haventec Silent MFA?

While a Passkey provides a security uplift to traditional username and password based authentication, the onus is on the customer to set it up, which requires effort and some tech knowledge.

This is a key differentiator for Haventec Silent MFA where customers can be onboarded either silently, or by using a single-step secure onboarding process that works natively on any device.

For organisations, Silent MFA provides higher assurance by using rolling private and public keys that are never stored, as opposed to the static keys used by passkeys and stored on a customer’s device and in the cloud.

Finally, Haventec Silent MFA does not require any changes to an application or investment in infrastructure, while Passkeys require a WebAuthn server and enabling WebAuthn in an application.


_____

 

If I implement Haventec Silent MFA, do I still need to send my customers an SMS when they sign in?

With Haventec Silent MFA, SMS notifications become obsolete and are replaced with Haventec’s patented cryptographic technology. This provides higher assurance at a lower cost and without customer effort.


_____

 

Is an authenticator application required with Silent MFA?

Haventec Silent MFA does not require authenticator apps, one-time PINs, call or SMS messages, tokens, smart cards, USB keys or QR codes. That’s why it’s silent and entirely seamless.


_____

 

Does the Haventec Silent MFA solution include device binding?

Device binding is the process of linking a token to a trusted device. Haventec Silent MFA stores a rolling Auth Key on a user’s device, which acts as a token that is used with the device’s signature to create a private key for each authentication event.


_____

 

Does Silent MFA derive its rolling keys from the password?

The key pairs generated by Silent MFA are completely independent from the user's password. Once a username and password are authenticated using your existing workflow, a rolling auth key and the device signature are used to create a rolling private key that is matched against a rolling public key.
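
The sketch below is an added illustration of a generic rolling-key, device-bound scheme of the kind described in the answers above on how Silent MFA works, on device binding and on password independence; it is not Haventec's patented algorithm, which this page does not specify. Ed25519, HKDF, the message layout and every function name are assumptions made for the example, and the device signatures are constructed values.

```javascript
const nodeCrypto = require('crypto');
// DER header that wraps a 32-byte seed as an Ed25519 PKCS#8 private key.
const PKCS8_ED25519 = Buffer.from('302e020100300506032b657004220420', 'hex');

// Private key is recomputed per login from auth key + device signature; never stored, no password input.
function derivePrivateKey(authKey, deviceSig) {
  const seed = Buffer.from(nodeCrypto.hkdfSync('sha256', authKey, deviceSig, 'rolling-demo', 32));
  return nodeCrypto.createPrivateKey(
    { key: Buffer.concat([PKCS8_ED25519, seed]), format: 'der', type: 'pkcs8' });
}
function publicKeyFor(authKey, deviceSig) {
  return nodeCrypto.createPublicKey(derivePrivateKey(authKey, deviceSig))
    .export({ type: 'spki', format: 'der' });
}

// Client: prove possession of the current key and commit to the next one.
function clientAuthenticate(device, challenge) {
  const nextAuthKey = nodeCrypto.randomBytes(32);
  const nextPublicKey = publicKeyFor(nextAuthKey, device.sig);
  const proof = nodeCrypto.sign(null, Buffer.concat([challenge, nextPublicKey]),
    derivePrivateKey(device.authKey, device.sig));
  return { proof, nextPublicKey, nextAuthKey };
}

// Server: check the proof against the stored public key, then roll it forward.
function serverVerify(record, challenge, msg) {
  const pub = nodeCrypto.createPublicKey({ key: record.publicKey, format: 'der', type: 'spki' });
  const ok = nodeCrypto.verify(null, Buffer.concat([challenge, msg.nextPublicKey]), pub, msg.proof);
  if (ok) record.publicKey = msg.nextPublicKey;
  return ok;
}

function login(device, record) {
  const challenge = nodeCrypto.randomBytes(16);
  const msg = clientAuthenticate(device, challenge);
  const ok = serverVerify(record, challenge, msg);
  if (ok) device.authKey = msg.nextAuthKey; // client rolls only after success
  return ok;
}

function demo() {
  const device = { authKey: nodeCrypto.randomBytes(32), sig: Buffer.from('constructed-device-A') };
  const record = { publicKey: publicKeyFor(device.authKey, device.sig) }; // enrolment
  const copied = { ...device };                      // auth key captured before a login
  const first = login(device, record), second = login(device, record);
  const staleKey = login(copied, record);            // old auth key no longer matches
  const wrongDevice = login({ authKey: device.authKey, sig: Buffer.from('constructed-device-B') }, record);
  return { first, second, staleKey, wrongDevice };
}
```

In this model the server holds only the current public key, so a captured auth key stops working after the next successful login, and a current auth key is useless without the matching device signature.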


_____

 

How are users verified as authorised users?

To activate Haventec Silent MFA for each new user or device, your organisation has the choice of sending a magic link, typically via email. The customer verifies ownership of the email address by clicking on the magic link. This is a one-time and optional event that organisations can use to onboard customers. Completing these steps verifies the customer as an authorised user.


If you would like to know more about Haventec Silent MFA, please contact us.