MFA Handling

MFA methods currently supported by the Deck Widget

Most data sources use standard authentication methods, typically requiring a username and password. However, some sources implement more complex authentication methods to enhance security. Deck Widget is designed to seamlessly support each of these unique authentication methods, ensuring smooth access to data regardless of the source’s requirements.

Deck Widget supports all MFA methods out of the box, and the user stays within the Widget experience throughout. You don’t need to configure anything extra for our widget to handle multifactor authentication seamlessly.

Most common types of MFA

MFA | Requirements
One-Time Passcode (OTP) | A two-factor authentication method where the user selects a phone number and an action (text or call) to receive a security code. The user must then enter this code to complete the authentication process.
Email One-Time Passcode (Email OTP) | A one-time passcode is sent to the user’s registered email address. The user must retrieve the code from their email and enter it to complete the authentication process. This adds an extra layer of security by ensuring that only someone with access to the registered email account can proceed.
Trusted Device or Push Notification | Some sources adopt this MFA for users who frequently access their accounts from smartphones or other trusted devices.
Standard Question | A standard MFA question is a security measure that requires users to answer a predefined, usually very personal question to verify their identity.
Iterable Question | Iterable MFA questions are used when sources need to refresh or reset the user’s security questions during the login process, ensuring credentials remain current and secure. This often occurs after a certain number of incorrect login attempts followed by a successful one, or periodically as a security measure. Users are prompted to create new answers or adjust existing ones to align with updated security protocols.

Handling Refresh with or without MFA

After your end-users have connected their account(s), you may need to access data from a data source on a regular basis (daily, weekly, monthly, etc.).

Refreshes can be fully automated without requiring the end-user's presence, except in the following two scenarios.

  1. MFA requiring end-user presence: When a flow involves MFA such as OTP, end-users have to link their account again and go through the MFA each time you want to access refreshed data.
  2. End-user password has changed: In the scenario where the end-user changed their password, a successful refresh will require them to connect their account again through the Deck Widget.