On 24/Mar/20 00:19, Eric Tykwinski wrote:

I guess I wasn’t as detailed as should be, multi factor authentication should hopefully have 1 standard which will work for everything. So we have an app on our phone to authenticate after a username/password which give a 6 digit key, or we use a hardware based key to sign a OTP. Really either doesn’t matter, but trying to get endu sers to switch between each for every login is going to hamper acceptance in the large scale.

For all my banking apps in South Africa, I can use username/password, QR code or Face ID, in ascending order of preference. All transactions that have not been pre-approved before require further authentication, typically via SMS approval, which goes to the the registered phone.

Qatar Airways' FQTV app supports Face ID login, but it SMS's and e-mails you an OTP as the 2nd stage of authentication.

So different companies are doing different things, but one thing that is consistent is that there are multiple stages being employed to login.

Mark.