
Mobile authentication

Mobile authentication is the verification of a user’s identity through the use of a mobile device and one or more authentication methods to ensure secure access. To keep your online services safe, enabling your users to use mobile authentication across their devices is the single most important step you can take.

How FIDO works in a nutshell

Using the biometric capabilities of modern mobile devices is a convenient approach to multi-factor authentication (MFA). To verify an individual's identity, it uses possession of a mobile device as a first factor and a unique biometric identifier on that device as a second factor, combining two factors into one.

QR Code Sign-in

Our product allows organisations to build a seamless mobile authentication experience. The Access App and Mobile SDK are based on the open FIDO UAF standard. We support various biometric authentication methods and fallbacks:

  • Complete FaceID, TouchID support on Apple iPhone devices.
  • Fingerprint support and Biometric Prompt support on Android devices.
  • Secure PIN-based fallback method, if a user does not have biometrics enabled.

For more details, please visit our doc repository (Overview | Nevis documentation) and the FIDO Alliance materials (User Authentication Specifications Overview - FIDO Alliance).

Using this project template, users can sign up for an account or sign in using a username and password followed by QR-code-based second-factor authentication, representing the UAF-based, out-of-band registration and authentication flows.

There is always a fallback mechanism that provides a one-time password, sent to the registered email address as an eTAN code.

Important Note

To work with this project template, you need to have a proper access app installed on your mobile device. There are two options:

  1. You can use a demo one (available for both iOS & Android).
  2. You can go through the official process of Ordering an access app and have it dedicated, branded and configured for you.

The project template

The NEVIS project template Mobile authentication is configured to use an example Web application (http://example.com) by default as a protected web service.

Mobile Authentication

Scenario for testing a successful deployment

  1. Install your mobile access app (iOS or Android) and configure your project according to the template description.
  2. Deploy your project.
  3. Launch your example Web application at https://your_domain_goes_here/app/ - replace “your_domain_goes_here” with your real domain name!
  4. Register a new user and use your access app (already installed on your mobile phone) to authenticate by reading a QR code provided by the server.
  5. Log out.
  6. Log in with the account you just registered, using your access app to authenticate by reading a QR code provided by the server.
  7. Now it is time to replace the exposed example application by your own service and enjoy the NEVIS security experience!

User-facing flows

The template contains the same account recovery flow as the Simple Sign-up / Sign-in template. You can remove this flow in the nevisIDM Password Login pattern.