As an application owner, you’re well aware of the need to secure access for your users. You may have thought about or even have already implemented an authenticator app from Google or Microsoft to help ensure those that have access to your applications are legitimate users.
An authenticator app uses tools such as push notifications, time-based one-time passcodes (OTPs), and QR codes to authenticate users when they log into web-based applications. When implemented correctly, these apps provide secure multi-factor (MFA) and can even eliminate the need for passwords on user accounts.
While it’s tempting to use a readily available authenticator app, there are benefits to deploying a custom one that’s unique to your services. Below we list the 5 key reasons you should consider your own vs. relying on third party solutions.
First and foremost is security. Instead of relying on policies established by the vendor, you have full end-to-end control of what can and cannot be done with the authenticator app. You can determine which authentication methods can be used on the web application such as push notifications, OTPs, and QR codes. For the mobile device, you can set which options can be used including biometrics, PIN codes, or pattern swiping. You can apply various policy restrictions based on elements such as location, device characteristics, and historical data associated with the device. Behind the scenes you can fine tune the data that is passed from the mobile device to your services in ways that aren’t possible with off-the-shelf solutions and you don’t have to share that data with third parties. And this all comes with the flexibility to make changes to meet your needs instead of waiting for features to be supported in the future. The authenticator app is yours and yours alone.
If you already have a mobile app for your service you may want to consider embedding your authenticator into it. With one app, your users won’t need to download two separate ones and you can leverage mobile authentication within the mobile app to provide additional security and other features. There’s still the option to offer both embedded and standalone authenticators to provide maximum flexibility to support users who use or don’t use your existing mobile app.
Instead of driving users to third-parties for a generic experience that’s shared with other service providers, you can control and reinforce your organization’s brand and messaging with a custom authenticator app. Some services, like Transmit Security, offer the capability to easily design and brand your own authenticator without the development and management overhead of traditional mobile app deployments.
The user experience during the authentication process is paramount. It is the entry point to your service and sets user expectations in many different areas from ease of use, intuitiveness, and even how they think they’ll be treated as a customer. Anything less than perfection can sour the user experience and may even lead new users to abandon your service. With a custom authenticator app you control everything from appearance items like colors, fonts and fields to advanced settings like alerts, authentication alternatives, and error handling.
Having your own authenticator app doesn’t mean that you can’t use Google or other authenticators. You control which options to give to your users based on how you configure your web applications. An identity management platform like Transmit Security can simplify the process of presenting and coordinating the different options and apply business rules of which to use when users log into your services.