Category / Section
Push Authentication
Published:
Push authentication is a mobile-focused method of verifying a user's identity, in which the service provider sends a notification through the most secure communication channel available. The user then responds to the notification by taking an action to confirm their identity and gain access to the service. This type of authentication relies heavily on the possession of the user's device.
It is commonly used as part of a multi-factor authentication (MFA) system, along with other factors such as knowledge-based authentication using a device PIN or biometric verification. Push authentication can be integrated into existing password-based systems or utilized in passwordless solutions based on FIDO architecture.
However, PUSH notifications have also become a target for malicious attacks, as hackers may exploit users' willingness to approve notifications without realizing the potential risks. To learn more about these types of attacks, please refer to information on PUSH Attacks.
It is commonly used as part of a multi-factor authentication (MFA) system, along with other factors such as knowledge-based authentication using a device PIN or biometric verification. Push authentication can be integrated into existing password-based systems or utilized in passwordless solutions based on FIDO architecture.
However, PUSH notifications have also become a target for malicious attacks, as hackers may exploit users' willingness to approve notifications without realizing the potential risks. To learn more about these types of attacks, please refer to information on PUSH Attacks.
Example:
"My email services provider just enabled push-based authentication on my iPhone. Now instead of using passwords to log into the website, I just use a push notification on my phone to approve my login."
