Many companies now enforce two-factor authentication (2FA) in the sign-in process to ensure that only authenticated users gain access to sensitive data, by enabling 2FA you force your users to wait to receive a verify code and verifying it before gaining access to sensitive resource.
Even if 2FA has been disabled by a user, hacker or bot - all logins are still monitored for high-risk behavioral anomalies.
If we detect a login feature that does not match a user's behavioral profile - a suspicious IP address, a new country, an unrecognized device or any of many other risk factors - you can send notifications to your app and your users and make them aware of the threat.
Our solution allow for an improved user experience in your app by not asking for a two-factor code each time you log in.
Instead, we verify the identity of the user based on the risk profile of the current login date. If the user does not have two factors enabled and the login risk assessment value is high, you can notify the user by e-mail or SMS that his or her account is compromised.
Your app may decide to skip the two-factor code if the user seems to be what it should be. If the risk is high,you can trigger the typical two-factor authentication flow.
All the traditional authentication systems performs authentication only during the login phase and most active sessions don't have a mechanism to detect if the current user is the same as the one that was originally authenticated.
SecureNative provides a real-time score flows, that can be used to identify a user based on a behavioral profile which is refined during the usage of your application. Our solution enables your application to check if user is no longer the person who is claims to be, during the lifetime of the app. If the risk to a user is medium, you can ask him to confirm his identity with a two-factor authentication code. If the risk is extremely high, you can take action and end the user session and force log out.
By verifying the user before making critical actions in your application, you can mitigate the risks of session hijacking or Man in the Middle (MITM) attacks that may have happened since the user last authenticated.