Coding MFA in an app is hard. It gets worse with non-native apps. And if the app is built in Xamarin, Cordova or React Native, it’s harder still. Or how about adding MFA to 3rd-party apps where you don’t have access to the source code? Impossible.
Enter Appdome for MFA. It solves the problem of providing a way to implement MFA to mobile apps with no code or coding required by developers. With Appdome for MFA, developers and non-developers can enhance any Android and iOS mobile app with Multi-Factor and 2 Factor Authentication services in seconds, speeding mobile app delivery and avoiding complexities in manually implementing third-party SDKs or APIs in the code of their apps.
Why Is Implementing Mobile MFA Hard to Do?
There are two main challenges that make implementing MFA hard.
First, the service provider has to define the MFA elements:
- Are their MFA policies based on access to specific resources?
- Is the challenge based on push notifications, text messages, email?
- Are there different challenges when the app comes from less secure locations?
In short, setting up the MFA policy is a project, I mean a major project, for an admin.
The real challenge, however, and what will truly make or break MFA adoption, is the user experience in the app. Our research told us that there are 5 things that can impact the user experience.
1. Not all environments and devices are created equal
Some devices include fingerprint some facial recognition. Others include none. Some include a SIM card, others include multiple. Many will have a roaming data plan, but not all. Navigating through that is painful. And getting the right flows based on the current state of the environment is a real pain. App developers have to cater to all environments, especially for consumer-facing apps and enterprise BYOD.
2. Not all operating systems are created equal
Using Face ID, Touch ID and PIN code is different between iOS versions. And there is no unified infrastructure in android to achieve local authentication which leads to fragmentation.
3. Vendor lock-in
Once a developer integrates MFA flows from a vendor into an app- switching to another vendor means a complete redo of the app. There is no MFA standard. MFA by definition is a vendor-specific proprietary solution.
4. Authenticator apps are a requirement made by some vendors
In such cases, the developer is betting the app’s ability to authenticate on the presence of another app they do not control on the device. Assuming that the authenticator app was correctly configured (not a given), this is obviously a complex process from an end-user experience standpoint.
5. Error handling and “getting to a working state”
Developers treat authentication as a gate to the “real” app’s functionality. As such, a problem with the “gate” will not let users experience the app. Error handling is critical to MFA. There can be many reasons why the end-user could not authenticate to the app. The text message may not arrive, or the PIN code could wrong. And what if the user switches to a new phone? All of these flows must be separately coded into the app, just to make sure the entire Mobile MFA flow is usable.
MFA Solutions Have to Be End-User Friendly
The most important lesson we kept in mind when developing Appdome for MFA was “who will be using the app”?
For IT-sanctioned apps, users can be instructed to “do this” and “install that”. However, for consumer-facing apps, things must work smoothly and in a predicted manner. Appdome delivers a predictable outcome for all MFA vendors for all MFA flows and for all types of users.
In summary, what keeps MFA from being more broadly adopted is the user experience. Most MFA solutions are created for enterprises, not consumers. Appdome solves that.
If you want to learn how you can create a great end-user experience with Mobile MFA, start your free trial of Appdome for MFA today.