Authentication
Authentication (Authn) is the process of verifying the identity of users, devices, applications, or other entities, providing a level of assurance that they are who they claim to be. Our system provides four levels of authentication assurance:
LoA 1 (Low Assurance)
At AAL1, authentication is typically performed using a single-factor authentication method, such as password or one-time passcodes (OTP) sent via SMS or Email. This level of assurance is suitable for environments with lower security requirements.
Authentication Methods for AAL1:
Password
SMS OTP
Email OTP
TEL (Phone call verification)
LoA 2 (Moderate Assurance)
AAL2 requires multi-factor authentication (MFA), combining at least two independent factors to verify the identity of the user. This may include combinations of passwords, TOTP (Time-based One-Time Password), or Passkeys with methods like SMS OTP, Email OTP, or TEL. This level of assurance is appropriate for systems that require moderate security.
Authentication Methods for AAL2:
Password + SMS OTP
Password + Email OTP
Password + TOTP
Passkeys + SMS OTP
Passkeys + Email OTP
TEL + Password
LoA 3 (High Assurance)
AAL3 involves strong multi-factor authentication to ensure high security, typically using biometrics or physical tokens like smartcards combined with TOTP, Passkeys, or SMS/Email OTP. This level is required for high-risk environments where robust identity verification is essential.
Authentication Methods for AAL3:
Password + Passkeys + TOTP
Passkeys + TOTP + SMS OTP
Passkeys + TOTP + Email OTP
Passkeys + SMS OTP + TEL
Passkeys + Email OTP + TEL
LoA 4 (Very High Assurance)
AAL4 represents the highest level of assurance, involving multiple independent factors, including biometrics, smartcards, Passkeys, TOTP, SMS OTP, Email OTP, and TEL. This level is designed for environments that require maximum security, ensuring a very high level of trust in the user or entity's identity.
Authentication Methods for AAL4:
Passkeys + TOTP + SMS OTP + TEL
Passkeys + TOTP + Email OTP + TEL
Passkeys + TOTP + Biometric Authentication
Authentication Factors
Our system categorizes authentication Factors into three classes:
Something you know: Knowledge-based methods (e.g., passwords, PINs).
Something you have: Possession-based methods (e.g., smartcards, one-time password generators).
Something you are: Biometric-based methods (e.g., fingerprint, facial recognition).
Last updated