By Dor Shany | June 23, 2022

Secure TFA with a great user experience: Is it possible?

When I started in the online identity management business seven years ago, it was common to hear the mantra that increasing the security of digital property meant degrading the user experience.

It was true.

If your digital property needed second-factor verification, then the process became even more complicated for users. For example, if you wanted to ensure that a user's registration email address was valid, you had to send a link which the user had to click. After remembering the password or resetting it (in more than 35% of cases), the website then had to send an SMS to the user’s mobile phone.

The friction in authentication was increasing, leading to fewer users authenticating. Each additional step increases the chance of the user abandoning the process.

For years, corporate user management and security teams have had to strike a balance by finding a configuration that is not too complex for users while being secure enough.

However, those working in the industry knew that it was impossible to improve the UX without worsening security.

But now, everything has changed.

The OwnID solution considerably improves the user experience when registering or authenticating compared to using an email address and password or to social authentication, and I'll explain why.

OwnID enables passwordless authentication using your phone's FaceID or fingerprint.


It is much more convenient for users to use their biometric data to authenticate themselves than to remember and type a password. Just as it is easier to unlock a mobile phone with a fingerprint, it is easier to use a fingerprint for authentication on a website.

It also provides two authentication factors, because it combines something you are (your biometric data) with something you have (your mobile device).

If your mobile device were to get lost, an attacker would not be able to access your account because they would need your biometric data. And in the unlikely event that someone managed to duplicate your fingerprint, they would need your unblocked mobile phone to gain access.

As OwnID does not store any information about your users, the overall system is more secure than authenticating through a social provider. Moreover, the end users won't have to worry about having their personal information stored and handled by a third party. All their data is stored solely by your authentication system.

OwnID, therefore, achieves two essential goals that until very recently were incompatible: you can offer a great user experience while relying on two-factor authentication. And without compromising your privacy.

The conclusion is that it is now possible to unite 2FA and an excellent user experience.

On top of that, OwnID can be integrated into any authentication system with just a few lines of code.

If you want to learn how to implement OwnID on your website, visit our documentation. You can start the implementation from our console. If you have any questions for our team or our community, please join our Discord server.

Are you ready to provide a secure passwordless authentication mechanism to your users?