With 68% of use, Mobile Push Authentication is the most adaptive authentication method today. But what is mobile push authentication and is it safe? How to configure the Push login for Multi-Factor Authentication?

What is Push Authentication?

Push notification authentication validates login attempts by sending access requests to an associated mobile device. When you register your account, you link it to a mobile device you own. Afterward, whenever you try to login into your account, you submit your username or ID. Instead of entering your one-time password, you receive an access request notification on your smartphone, which you can approve or decline.

Let us see how to securely log in with One Tap.

 

 

 

 

Advantages and Disadvantages of Push Authentication

A few of the major advantages of Push Login is

• Fast and convenient to use
• Eliminates password fatigue
• Leverages users’ existing mobile device, so no hardware to manage
• Single device registration through one QR code hence more secure

The major disadvantage of Push Authentication is Limited integrations depending on the app 

Many companies do not provide integration for both on-premises and third-party cloud services Apps. So, before downloading make sure It provides QR Code-based enrolment, Push notifications with One-Tap login, spoken OTP, fingerprint protection, and phishing protection.

Phishing protection will use your location to prevent phishing attacks. If a phishing attack is suspected, OpenOTP token application should prompt you something like this:

 

How Push Authentication Work?

Once the user starts the login process for the push notification:

1)A notification is sent to its device.

2) The user clicks on the notification, the authenticator application opens, and then the user is prompted to approve or deny the authentication request pending on a 3rd party system/application.

3)By clicking on the ‘Approve’ button, the current OTP code is automatically picked up and sent to the OTP server.

4)The server validates the OTP provided through the mobile response (approve) and then the user is authenticated.

If the user declines the authentication request, the OTP is not forwarded to the authentication backend, the server can not validate the OTP code and then the authentication attempt on the 3rd party system/application is refused. 

There can be 3 scenarios for the Push Authentication working model:

Scenario 1

 

Scenario 2

 

Scenario 3

 

 

RCDevs OpenOTP Token- Easy, One-Tap Authentication

RCDevs Push Login supports Push notifications in every integration with One-Tap login, OATH Event-based (HOTP) & Time-based (TOTP)

Configuration of Push Login with OpenOTP is simple and it provides enrolment with the User Self- Service desk, User Self- Registration desk, Help desk, WebADM Admin Portal, and WebADM Manager APIs ( custom enrolment)

Download RCDevs Mobile App

RCDevs Push Authentication works with Apple iOS and Google Android. Download RCDevs Mobile App for iPhone or Android – they both support RCDevs Push, passcodes, and third-party TOTP accounts.

RCDevs Push Authentication works on all the devices your users love — like Apple and Android phones and tablets. It also supports biometric authentication, an additional layer of security to verify your users’ identities.

DOWNLOAD NOW

Android

iOS