Product Docs

Auth Methods and Channels

Auth Armor supports multiple ways to authenticate and authorize your users or employees. They fall into 3 main categories and enable many methods of authentication.

📱Authenticator App

Our custom-built biometric authenticator app enables multiple methods of authentication and is the most secure of all the options, as it is cryptographically secure and allows roaming authentication.

Biometric Authentication & Authorization:

  • This uses either the fingerprint or face id sensors of the user’s mobile phone to verify an authentication or authorization an action. - This is automatically handled by the Auth Armor mobile app.
  • Biometric data does not leave the device and the Auth Armor service does not keep a copy.
  • Auth Armor simply uses the phone’s own internal verification system to sign a cryptographic message verifying that the authentication/authorization is valid.
  • This prevents replay and other biometric-based attacks as the user’s biometric data is never moved anywhere/stored by Auth Armor.

Push Authentication & Authorization:

  • Under this scenario, a push notification is sent to the user’s device to enable usage in the authentication/authorization action.
  • E.g. A code is sent to the user’s text message channel and the user uses this to complete the authentication action in the mobile app.

QR Codes Authentication & Authorization:

  • Under this scenario, a QR code is shown in your app for the user to scan with the Authenticator App.
  • Upon scanning, the user is logged in if they are pre-authenticated into the Auth Armor app already.

Nameless Authentication & Authorization:

  • Under this scenario, the user will not need to fill any information into your app but then Authenticate/Authorize it using the Auth Armor App by scanning a QR Code.
  • Auth Armor as part of this method, will hand over their pre-authenticated information used in the app itself, making it easier to authenticate into your app and for you to as well still achieve getting the user’s details.

FIDO Standards Authentication & Authorization:

  • Under the FIDO standard authentication/authorization, you can use the Auth Armor app to serve as your authentication hardware device for authenticating users into your app.
  • FIDO is a multifaceted auth architecture and the Auth Armor App can be used to serve as part of its broader architecture components.

Visual Verify Authentication & Authorization:

  • Under this scenario, on authentication or authorization on the app’s screen. The user will need to scan a QR code or enter a push notification code for the Auth Armor to allow the continuation of an auth in.
  • This variant of a simple login is to prevent muscle memory actions so users are forced to understand the importance of any authentication/authorization flow this variant is used in.
  • This can be used as the option for very high-stakes authentication/authorization scenarios to prevent users from mistakenly performing them.
  • E.g. An account deletion, Wiring of all funds in a bank account, etc.

🛡️ WebAuthn

WebAuthn is a new security standard that has been developed in part by the FIDO alliance. Members of this alliance include Google, Apple, Microsoft, and many more. WebAuthn is, in our opinion, the future of all authentication for the web. The Auth Armor Authenticator is using WebAuthn for all authentication options that it supports.

  • Auth Armor integrates into this native authentication method and provides an interface to you that allows you to integrate into this feature easily.
  • This is used to replace the Auth Armor app under any extra authentication/authorization scenario where the Auth Armor app cant be used.

Under WebAuthin, Auth Armor supports the following:

✉️ Magiclink Emails

Magiclink emails, or one-click emails are a newer authentication and authorization method that relies on the trust of a user's email inbox. Magiclink emails are sent to a trusted and verified email address belonging to the user. The user clicks on the link inside the email to authenticate, thereby logging the user in or another action you can specify.

MagicLinks Authentication & Authorization via Email

  • Under this scenario, a regular email is sent to the user upon provision of their trusted email in the account creation process.
  • Upon clicking on the link in the email, the user is authenticated/authorized.
  • Magic links work great for basic authentication/authorization needs but is not recommended for high-priority tasks like financial-based actions etc.