Passwordless MFA System: Core Product Development
Highlights
In 2018, Identité, an American seed-funded startup in authentication solutions, turned to PSA for turnkey product development. At the PoC stage, we presented a solution called NoPass® that allows for the easiest-to-use, 100% secure, passwordless multi-factor registration and authentication. The PSA team introduced and patented a new authentication standard, and the next step was to develop a final product ready to be launched on the market.
Challenge
Customer Challenge
Get a workable, unique passwordless MFA solution ready to go to market.
Project Objective
Develop a top-secure passwordless MFA solution that has no analogs in the world, within a strict budget and without clear requirements.
Solution
To succeed in developing this unique application, we combined the SCRUM and Waterfall development approaches. This allowed our team to stay flexible, accept constantly changing requirements, and implement newly proposed features in the app without sacrificing ongoing activities.
To help achieve the safest, two-way authentication for both services and the users, PSA developers chose the following methods:
- Passwordless registration and authentication
- Full Duplex Authentication®
- Social media login
- Android and iOS support
- Complete user lifecycle and consent management
NoPass authenticates the user via “something you know” (username or social identity), “something you have” (a secure token on the phone), and “something you are” (the biometric from that same phone).
Websites enabled with NoPass incorporate a QR code that the user simply scans with their smartphone or taps if accessing the site from a mobile device. Once the NoPass app is installed on the user's phone, future authentications automatically launch the NoPass app, which uses a combination of an image and number for simple visual verification, as well as the built-in biometric capabilities of the device.
To make the system suitable for enterprise use, that is, to achieve trouble-free operation and improve its performance and usability, our development team carried out the following activities:
- RADIUS protocol support by creating new use cases.
- Step-up Authentication for bank transactions.
- Release of the NoPass client for the Windows operating system, which replicates the functionality of the mobile application, including receiving push notifications. This functionality is important for enterprise environments and for using the app on multiple devices simultaneously.
- Support for YubiKey as additional protection of NoPass authorization by confirming the user with a token generated by a physical key.
- Integration of Windows unlock using NoPass.
- Creation of an external API for flexible integration with external tools and automation of user registration in NoPass.
- The ability to integrate NoPass within the RDP gateway for the convenience of remote work within enterprise environments.
- Improving the Single Device Experience for logging in to websites from mobile apps without switching windows.
- Added examples of the integration of NoPass into the SecureBank mobile app, as well as Healthcare portals.
- Performed regression testing using an automated test system within a test farm. This allows running automated tests on a wide range of real physical devices.
By using PKI and OTP technologies, NoPass has developed a simple and secure Full-Duplex Authentication method, which authenticates the services as well as the users. As a Full-Duplex Authentication® system, NoPass uniquely verifies both the app on the user's device and the connection to the server, eliminating all chances for man-in-the-middle, spoofing, or phishing attacks.
Development Included
- Architecting a state-of-the-art authentication solution
- Implementing innovative security measures
- GUI design and development
- GUI multilingual support
- Use cases creation
- CI and CD setup
- User experience testing
- Functional and acceptance testing
- Automation testing
- Regression testing
- Smoke testing
Result
- The first highly secure alternative to password-based authentication
- 10% of the budget was saved
- ROI is about 2 years
Further Cooperation
To bring the solution to the market, we deployed the server infrastructure and provided a platform for product sales.