Earlier this week Appdome announced a new service for adding enterprise-grade Multi-Factor Authentication (MFA) to any mobile app – instantly and without coding. In his previous blog, our co-founder and CTO Avi Yehuda outlines the key reasons MFA is so hard to deliver in mobile apps. I’ll pick up where that blog left off and discuss how Appdome makes it easy to achieve the promise of making MFA Everywhere a reality.
MFA Everywhere Requirements
There are 3 overarching requirements any solution needs to meet in order to deliver a standardized and seamless MFA experience that can be implemented everywhere.
- Easy to build – The solution needs to be easy to implement by developers or non-developers, and easy to maintain by existing IT staff.
- Easy to use – A good MFA solution needs to increase security without degrading the user experience. If an MFA solution confuses mobile users, takes the user out of the native app experience, or imposes tedious steps on them – then they’re just not going to use the app.
- Ubiquitous – Enterprises need an MFA solution that works in any app. And it must function seamlessly across different app types, OS variants, and frameworks – all while presenting the user with a logical and consistent in-app experience. In other words, it must make the complex appear simple. That’s very easy to say, very hard to do.
ALL of the above conditions need to be met all the time. If not, you end up with a solution which is either unusable, infeasible, too costly, or too limited to be useful.
Past Mobile MFA Challenges
Here are some practical examples which reinforce the assertions I just made. Whether you’re an IT professional or a mobile end user, I’m certain these examples will resonate personally with negative experiences you’ve had in the past.
Homegrown or closed/proprietary MFA solutions might start off easy to use, but they are not ubiquitous. If an MFA solution doesn’t work for all the apps your organization uses or requires you to implement additional or redundant services, then it’s not MFA Everywhere. You either get locked into an ecosystem and forced to buy services you don’t really need, or you end up implementing multiple MFA solutions from different providers to increase app coverage.
As soon as you introduce multiple MFA solutions, your MFA is no longer easy to use or easy to implement. And it’s even harder to maintain and operate, not to mention very expensive. Ironically, if one of the reasons you implemented MFA was to eliminate the operational burdens and security risks of password management, then you’re probably right back where you started (or even worse). A metaphor that comes to mind is the proverbial hamster spinning in a wheel.
Usability Rules When it Comes to Mobile Authentication
The thing that will make or break any mobile MFA solution is the user experience. At the end of the day, if your MFA solution is hard to use, you’re toast. Don’t implement solutions which make users jump through hoops or perform tedious steps just to log in to a single app. Resentment will build and eventually users will do everything in their power to avoid the app.
Example of a Bad MFA Experience
Last month I was reading about a new ‘passwordless’ MFA service from a company that I will not name. To have it work with mobile apps you need to implement the SDK. It’s one of those ‘one line of code’ SDKs, so it must be easy, right? First, it wasn’t one line of code (there’s no such thing actually), but I’ll leave that aside for now. The SDK is 79 pages long. I don’t know about you, but I’ve never come across anything ‘easy’ which came with a 79-page instruction manual which requires a mobile developer to do anything with it. And it’s not 1 SDK. It’s 4 SDKs (there’s an Android SDK, an iOS SDK, a React Native SDK, and a Cordova SDK). If it’s a mobile SDK then by definition, you’ll need mobile developers AND source code for the app. That’s usually enough to kill the project right there.
But let’s assume you actually got the SDK implemented with your abundance of really expensive mobile developers that have nothing better to do than integrate SDKs (likely 12 to 18 months later). Assuming you still have budget left over after this and you roll the app out to users, let’s now consider the user experience. The mobile user needs to go through a 10-step authentication process, including entering two sets of ‘credentials’, plus an 11-digit pin code randomly generated from a separate authenticator app (don’t worry, the separate app is free). The user toggles back & forth between the two apps to enter the 11-digit pin code before the timer expires. All this to log in to one app!
Newsflash: Nobody’s going to use that app
Example of a Good MFA Experience
In order to deliver on the true promise of “MFA everywhere”, this is what it takes:
- Easy to implement – Instant implementation to any app in a single click, without coding. You’ll be done with the end-to-end integration in minutes (faster than you could download an SDK, let alone write code).
- Easy to use – simple, intuitive in-app login process which is consistent across omnichannel environments, works on any mobile app, manages all the complex interactions and differences in app design – and spares the user from all that complexity.
- Easy to deploy – Deploy to any public or private app store, all from the same integrated workflow.
- Easy to scale – integrate multiple apps and/or multiple features at the same time, or automate the entire integration process into your CI/CD auto-deploy infrastructure.
- Easy to customize – Brand your customized apps, add configuration elements, adapt the app to fit into your existing enterprise infrastructure.
- Easy to combine with other services – Multi-service integrations across different mobile service categories – without adding any time to your build cycle.
- Easy to future proof – doesn’t lock you into an ecosystem that limits your own mobile app strategy, distribution or roadmap.
- Easy to instantly integrate into any app – no matter what framework was used to build the app.
Create your app in any development environment you want, then come to Appdome to Customize and Enhance it in minutes. Appdome eliminates coding, complexity, and dependencies.
Just go to your Appdome account, select the services you want to integrate (e.g., OneLogin MFA, Nexmo Verify 2FA, PingID MFA, etc.), and click the green button.
Using AI to Make MFA Everywhere a Reality
The actual integration work is done by AMI (short for AI-Enhanced Mobile Integration). AMI is the digital developer inside Appdome that does all the hard work as an extension of the human development or citizen development team.
That’s what mobile developers normally agonize over. Appdome completes the integration by adding the MFA SDKs, workflows, methods and APIs into the app – all while taking into account the various elements, methods, and service interactions of the original app construction.
Then you can deploy your new MFA-enabled app instantly to any public or private app store.
And you can do this FAST! You can do it EASILY! You can do it NOW! From Hamster to Hercules in under a minute!
But don’t take our word for it. Try it for yourself. Open a free Appdome account, and follow the simple steps in our Knowledge Base to add MFA to your app in minutes – without a single line of code.
Now that’s what I call MFA Everywhere!
Appdome – Developer Tested, Mother Approved! Somebody call Stockholm, I see a Mobel Prize in our future!