Features and Capabilities

Auth Armor has several features and capabilities you can utilize for authentication and authorization.
All of these features are included with every account.

Biometrics

Biometric Authentication is secure, easy to use, and fast. We are all used to the biometric capabilities on smartphones and this technology is getting more and more common.

When using biometric authentication, biometric data does not leave the device. This means Auth Armor does not have a copy of anyone's biometrics data. Biometric authentication works by validating the data directly on the device, then signing a cryptographic message that proves the biometric authentication was valid. This prevents replay and other attacks and ensures that the user's biometric data is never stored by Auth Armor.

Supported Auth Methods

  • Auth Armor Authenticator
  • WebAuthn

Push Authentication

Push authentication is a quick and easy way to alert users of a pending authentication or authorization. This can be useful in many scenarios, including out-of-band authentication.
Push authentication sends a notification to the user's devices enabling quick and easy authentication directly from the user's mobile devices.

Supported Auth Methods

  • Auth Armor Authenticator

QR Codes

QR Codes are easy to use and scan on nearly any mobile device. QR Codes can also enable usernameless authentication (see below). With QR Codes, users simply scan the QR code and then authenticate on their mobile device.

Supported Auth Methods

  • Auth Armor Authenticator

Usernameless

Usernameless sounds weird, but it simply means the user does not need to enter a username or email address to start the authentication flow. Instead, the user can provide credentials that state who they are. Usernameless is another handy security option that enables your app or website to not even render an input field, making attacking your application even harder.

Supported Auth Methods

  • Auth Armor Authentication
  • WebAuthn (coming soon)

FIDO Standards

FIDO stands for Faster Identity Online. FIDO has created several standards, including WebAuthn. When using FIDO standards, you can trust the authentication and authorization are built using technology that has been tested and is proven secure. Unlike some providers, Auth Armor does not roll its own security, instead, we rely on these standards to ensure secure and safe security.

Supported Auth Methods

  • Auth Armor Authenticator
  • WebAuthn

Visual Verify

Visual Verify is a feature that allows you to show a prompt on the auth screen. Once a user scans a QR code or gets a push authentication for the Auth Armor Authenticator, the app will show 4 options to choose from. The user must match one of these options with the value that is being displayed on the screen. This feature helps to prevent muscle memory and prevents users from just accidentally approving the message without understanding what it is for.

Supported Auth Methods

  • Auth Armor Authenticator

Magiclink Emails

Magiclink emails are a quick and easy way to authenticate users. The trust is not based on any encryption or cryptography, rather it is based on the trusted email access of the user. It follows the same principles of the old "forgot password" mentality, where you send a user a link to the trusted and verified email address on file. If the user gets the email and clicks the link, then trust is assumed.

Magiclinks do not provide the ultimate in security, but they are convenient. We recommend to only use for basic purposes and not for any financial or high-security operations.

Supported Auth Methods

  • Magiclink Emails

What’s Next
Did this page help you?