Second-Factor Authentication -> Multi-Factor Authentication

The initial goals

• Explore an detail 2FA technologies
• Identify a prospect service or community
• Develop a prototype solution that would
• Validate at least one selected technology
• Demonstrate and make it appealing to IdPs and other potential users

Decided to systematise finding in a comprehensive report instead

Next sprint

• Offer the document as a starting point in a dialog with potential users
• Make an actual prototype / pilot solution

​

1

Achievements, chronologically

1. (4.1) Commonly available methods (starting from SURF Remote Vetting report)
2. (Appendix) Detailed BPMN workflows
3. (3) Taxonomy of actions
• C: Common actions, I: Application and Initiation, V: Identity proofing and information Verification, B: Factor Binding and activation
4. (4.3.2) Unconventional identity assurance
• Vetting of project participants and distribution of second-factor authentication tokens
• Piggybacking existing delivery and money transfer services
• Bank transfers and access to account data
• Re-use of digital trail
5. (4.4) Comparison of costs
6. (6) Recommendations for further step
• Conduct interviews
• Explore Level of assurance (LoA) frameworks
• Prototype practical scenarios
• Test, elaborate and integrate novel technologies

MFA report: https://docs.google.com/document/d/1J2SfA1dcsrVHDMVtCtH4SToW_niRztc4UioWPbI60ro/edit#

2