Patented True Multi-Factor Authentication™ Technology
Our patented True MFA™ technology prevents an attacker who controls either the nextAuth server or the user’s mobile device from impersonating the user. Additionally, our technology ensures logins, authorizations, and signatures made with the nextAuth mobile SDK are non-repudiable. Here’s how:
- The user's second factor is neither stored by the nextAuth mobile SDK nor the nextAuth server. Both need to collaborate in a zero-knowledge protocol to verify the second factor.
- Both parties only learn whether the supplied second factor corresponds to the initially enrolled one from this protocol.
- Only the nextAuth mobile SDK has the private keys needed to log in, authorize, and sign.