Phish-resistant: Beyond Identity MFA

What is Beyond Identity MFA?

Beyond Identity MFA is an MFA solution centered around cryptographic keys bound to a device, eliminating passwords and shared secrets from the authentication process.

An application (agent) is installed on the device (endpoint) that performs the authentication process and establish identity for a user.

Why is Beyond Identity MFA phish-resistant?

The primary reason our MFA solution is phish-resistant is due to the cryptographic communication protocols used during authentication flow.

However, our approach to phish-resistance extends beyond traditional methods. Consider these advanced phishing topics:

  • Agent on the Endpoint: a trusted, hardware-bound application on the device ensures keys don't move, and that the authentication process is not compromised over the network.
  • Secure Launch Mechanisms: the initial launch of the authentication mechanism must be just as secure as the rest of the process and should not be tampered with by an adversary.
  • Verifier Impersonation Resistance: strict measures are taken to prevent attackers from masquerading as authentication verifiers, providing protection against sophisticated phishing tactics.
  • Authenticator Assurance Level: A NIST standard for assessing the level of trust for authentication. Our MFA solution meets the criteria for their highest level of trust (AAL level 3).

Not just identity, but device trust

In addition to providing identity, our solution provides device compliance and trust.

During authentication, risk signals are collected from the device (firewall status, antivirus status, etc.) and existing security solutions (EDR, MDM, ZTNA, etc.) to enrich an authentication decision.

Continuously validate your users and their devices

Identity and device trust doesn't just stop after the initial login. Our solution continuously validates the user's identity and device compliance throughout their session, alerting and taking action if any risk factors arise on the device.

Learn more about our Secure Workforce product or sign up below and experience Beyond Identity today.

Experience MFA done right

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.