Skip to main content
Version: 2.4.x.x Java 8 ELS

FAQ

Is FIDO U2F supported?

Q: Is the FIDO U2F standard supported in Nevis Mobile Authentication?

A: No, Nevis Mobile Authentication is built around the FIDO UAF 1.1 standard.

What are the advantages of Nevis Mobile Authentication?

Q: What are the advantages of Nevis Mobile Authentication for customers?

A: The advantages for your customers are...

  • Faster way for authentication
  • The biometrics will stay on the device
  • Reduces reliance on over-complicated passwords
  • A single gesture is enough to login
  • Works with same devices people use every day
  • Customers can use the same authentication method with different services
  • Protects against phishing, man-in-the-middle and replay attacks, no server-side shared secrets to steal
  • The services or accounts cannot be linked

Q: And what are the advantages for my company as a service provider?

A: The advantages for you as a service provider are...

  • Reduced risk of fraud
  • You do not need to store secrets on the FIDO server and are thus not as exposed to attackers as other systems.
  • In case of a server breach, no secrets may be stolen
  • Compliance with various regulations such as PSD2

Can I configure trusted authenticators?

Q: I'd like to only allow a very specific set of authenticators. E.g., only the ones I'm providing myself. Can I freely configure the allowed authenticators?

A: Yes, this is possible. The nevisFIDO component of the Nevis Mobile Authentication solutions allows to define a custom meta-data service. Through the meta-data service, it's possible to define which authenticators you accept as trusted authenticators.

What if my mobile devices do not have built-in FIDO capabilities?

Q: What if my mobile devices do not have a built-in FIDO UAF 1.1 client or FIDO UAF 1.1 authenticators?

A: Nevis Mobile Authentication aims to support mobile devices without built-in FIDO UAF 1.1 support. This will be done by providing a client SDK which allows to build in FIDO UAF 1.1 client capabilities including authenticators into an existing mobile application or into a dedicated access app.

What are the pros and cons of a built-in Nevis Mobile Authentication Client vs. an Access App?

Q: Nevis Mobile Authentication supports built-in Nevis Mobile Authentication clients and dedicated access apps. What are the advantages and disadvantages of each of these methods?

A: The features of each deployment method are depicted in the table below:

Built-in integrationAccess app
No context switch
Number of applications to install12
Shared usage of one application for authentication by multiple business appsfeasible but confusing user experienceclear user experience
Requires separate registration on each device
In-band registration
In-band deregistration
In-band authentication
In-band transaction confirmation
Out-of-band transaction confirmation✅Push notification handling (if needed) must be implemented by the App

Can Nevis Mobile Authentication be configured with nevisAdmin?

Q: Can Nevis Mobile Authentication be configured with nevisAdmin?

A: Support of Nevis Mobile Authentication is integrated into nevisAdmin4. However, there will be no Nevis Mobile Authentication support for nevisAdmin3.

Can I use nevisFIDO without the other Nevis components?

Q: Nevis Mobile Authentication requires nevisProxy as well as nevisAuth as components of the solution. Why can I not just run nevisFIDO to do FIDO UAF authentication?

A: Nevis Mobile Authentication is designed as an end-to-end solution. nevisFIDO is just one component of that solution. By itself, nevisFIDO does not provide you with the functionality required to do FIDO UAF authentication.