1. The purpose of this post
I will summarize the pros and cons of mobile push authentication.
2. What is push authentication?
When you register on the website, you link your device with your account.
When you log in, you provide only your username, with no password. Your phone receives a push notification, and you click it to approve or decline the login request.
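The register-then-approve flow described above, as an added example that is not code from the original post. It assumes the linked device receives a per-account secret at registration and signs its approve/decline decision with HMAC-SHA256; the class and function names, the 60-second lifetime and the HMAC scheme are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 60  # seconds a login request stays approvable (assumed value)

class PushAuthServer:
    def __init__(self):
        self.device_keys = {}  # username -> secret shared with the linked device
        self.pending = {}      # challenge id -> (username, expiry time)

    def register(self, username):
        """Registration: link a device to the account by issuing it a key."""
        key = secrets.token_bytes(32)
        self.device_keys[username] = key
        return key  # stored on the device, never sent in a notification

    def start_login(self, username, now=None):
        """Login: only the username is supplied; returns the push payload."""
        if username not in self.device_keys:
            raise KeyError("no device linked to this account")
        now = time.time() if now is None else now
        challenge = secrets.token_hex(16)
        self.pending[challenge] = (username, now + CHALLENGE_TTL)
        return challenge

    def finish_login(self, challenge, decision, tag, now=None):
        """Accept the login only for a fresh, unused, correctly signed approval."""
        now = time.time() if now is None else now
        entry = self.pending.pop(challenge, None)  # pop makes it single use
        if entry is None:
            return False
        username, expires = entry
        if now > expires:
            return False
        expected = sign(self.device_keys[username], challenge, decision)
        return hmac.compare_digest(expected, tag) and decision == "approve"

def sign(key, challenge, decision):
    """Device side: bind the user's decision to this one challenge."""
    msg = f"{challenge}|{decision}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()
```

Because the server checks a tag computed with the device's key, a party that only sees or relays the notification cannot turn it into an approval, and a captured approval cannot be replayed or reused after it expires.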
3. Pros and Cons of the Push Authentication
Pros:
- Password-free: users no longer need to remember a password
- Out-of-band: the push notification can be sent via different communication channels
- Seamless and user-friendly experience: no app needed, faster
- Low cost and ease of administration: no need to buy new devices
- More secure
  - No codes
  - Needs user intervention (click to approve)
  - If the phone is stolen, the phone's PIN/Touch ID/Face ID protects the push notification
- Recommended by NIST
Cons:
- Only works with services of big companies and a limited set of apps
- In most cases push authentication is only the secondary authentication method; SMS-based OTP can be chosen instead, which makes the service vulnerable
- Push authentication can be compromised, because the notifications are transmitted in the clear through the push provider (Apple and Google)
- Users tend to click approve
- Users need a smartphone and an internet connection