FAQ
Is FIDO U2F supported?
Q: Is the FIDO U2F standard supported in Nevis Mobile Authentication?
A: No, Nevis Mobile Authentication is built around the FIDO UAF 1.1 standard.
What are the advantages of Nevis Mobile Authentication?
Q: What are the advantages of Nevis Mobile Authentication for customers?
A: The advantages for your customers are:
- Faster authentication
- Biometric data stays on the device
- Reduces reliance on over-complicated passwords
- A single gesture is enough to log in
- Works with the same devices people use every day
- Customers can use the same authentication method with different services
- Protects against phishing, man-in-the-middle and replay attacks; there are no server-side shared secrets to steal
- The services or accounts cannot be linked
Q: And what are the advantages for my company as a service provider?
A: The advantages for you as a service provider are:
- Reduced risk of fraud
- You do not need to store secrets on the FIDO server and are thus not as exposed to attackers as other systems.
- In case of a server breach, no secrets can be stolen
- Compliance with various regulations such as PSD2
Can I configure trusted authenticators?
Q: I'd like to only allow a very specific set of authenticators. E.g., only the ones I'm providing myself. Can I freely configure the allowed authenticators?
A: Yes, this is possible. The nevisFIDO component of the Nevis Mobile Authentication solution allows you to define a custom metadata service. Through the metadata service, you can define which authenticators you accept as trusted authenticators.
What if my mobile devices do not have built-in FIDO capabilities?
Q: What if my mobile devices do not have a built-in FIDO UAF 1.1 client or FIDO UAF 1.1 authenticators?
A: Nevis Mobile Authentication aims to support mobile devices without built-in FIDO UAF 1.1 support. This will be done by providing a client SDK that allows you to build FIDO UAF 1.1 client capabilities, including authenticators, into an existing mobile application or into a dedicated access app.
What are the pros and cons of a built-in Nevis Mobile Authentication Client vs. an Access App?
Q: Nevis Mobile Authentication supports built-in Nevis Mobile Authentication clients and dedicated access apps. What are the advantages and disadvantages of each of these methods?
A: The features of each deployment method are shown in the table below:
Feature | Built-in integration | Access app |
---|---|---|
No context switch | ✅ | ❌ |
Number of applications to install | 1 | 2 |
Shared usage of one application for authentication by multiple business apps | feasible but confusing user experience | clear user experience |
Requires separate registration on each device | ✅ | ✅ |
In-band registration | ✅ | ✅ |
In-band deregistration | ✅ | ✅ |
In-band authentication | ✅ | ❌ |
In-band transaction confirmation | ✅ | ❌ |
Out-of-band transaction confirmation | ✅ Push notification handling (if needed) must be implemented by the app | ✅ |
Can Nevis Mobile Authentication be configured with nevisAdmin?
Q: Can Nevis Mobile Authentication be configured with nevisAdmin?
A: Support for Nevis Mobile Authentication is integrated into nevisAdmin4. However, there will be no Nevis Mobile Authentication support for nevisAdmin3.
Can I use nevisFIDO without the other Nevis components?
Q: Nevis Mobile Authentication requires nevisProxy as well as nevisAuth as components of the solution. Why can I not just run nevisFIDO to do FIDO UAF authentication?
A: Nevis Mobile Authentication is designed as an end-to-end solution. nevisFIDO is just one component of that solution. By itself, nevisFIDO does not provide you with the functionality required to do FIDO UAF authentication.