Weak Multi-factor authentication
Multi-factor authentication (MFA) is essential in any application to enhance security by requiring multiple forms of verification from the user, reducing the risk of unauthorized access.
If you're using OIDC with PKCE and the Asgardeo SDK for login, you can easily add the necessary multi-factor authentication steps within the application configuration in Asgardeo. You can also implement conditional authentication logic to tailor the login process based on risk factors, without requiring any changes to the SDK—simply configure it in the Asgardeo console.
Additionally, Asgardeo offers App-Native authentication, allowing you to create your own user interfaces while handling authentication via REST APIs. In this case, you must follow the API specifications and incorporate all required MFA steps to complete the authentication process. If the authentication flow involves a federated IdP, you'll also need to manage IdP redirection accordingly.
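The requirement to complete every MFA step in an App-Native flow, as an added client-side example (not Asgardeo's or the SDK's own code): the app treats the user as signed in only when the flow reports completion with an authorization code, never after the first factor alone, and it fails closed on any response it does not recognize. The field names (`flowStatus`, `nextStep`, `authenticators`, `promptType`, `authData`) are assumptions modelled on the App-Native authentication API and must be checked against its specification; `nextAction`, `runFlow`, `promptStep`, `SAMPLE` and `demo` are hypothetical names, and the responses are constructed.

```javascript
// Added example: field names are assumptions modelled on the App-Native
// authentication API; ids and responses below are constructed.

// Decide what the UI must do with one response. Fails closed on anything unexpected.
function nextAction(res) {
  if (res.flowStatus === "SUCCESS_COMPLETED") {
    if (!res.authData || !res.authData.code) throw new Error("completed without a code");
    return { action: "done", code: res.authData.code };
  }
  if (res.flowStatus !== "INCOMPLETE" && res.flowStatus !== "FAIL_INCOMPLETE") {
    throw new Error("unexpected flowStatus: " + res.flowStatus);
  }
  const options = (res.nextStep && res.nextStep.authenticators) || [];
  if (options.length === 0) throw new Error("incomplete flow without a next step");
  const chosen = options[0]; // a real UI lets the user pick when several are offered
  const meta = chosen.metadata || {};
  if (meta.promptType === "REDIRECTION_PROMPT") { // federated IdP step
    const url = meta.additionalData && meta.additionalData.redirectUrl;
    return { action: "redirect", id: chosen.authenticatorId, url: url, fields: [] };
  }
  return { action: "prompt", id: chosen.authenticatorId, fields: chosen.requiredParams || [] };
}

// submit(flowId, authenticatorId, params) posts one step and returns the next
// response; answer(action) collects the user's input for that step.
function runFlow(first, submit, answer, maxSteps = 10) {
  let res = first;
  const steps = [];
  for (let n = 0; n < maxSteps; n++) {
    const act = nextAction(res);
    if (act.action === "done") return { code: act.code, steps: steps };
    res = submit(first.flowId, act.id, answer(act));
    if (res.flowStatus !== "FAIL_INCOMPLETE") steps.push(act.id); // step accepted
  }
  throw new Error("flow did not complete");
}

// Constructed responses: password accepted, TOTP still required, then completion.
const promptStep = (id, fields) => ({ flowId: "f-1", flowStatus: "INCOMPLETE", nextStep: {
  authenticators: [{ authenticatorId: id, metadata: { promptType: "USER_PROMPT" }, requiredParams: fields }] } });
const SAMPLE = [promptStep("basic", ["username", "password"]), promptStep("totp", ["token"]),
  { flowId: "f-1", flowStatus: "SUCCESS_COMPLETED", authData: { code: "sample-code" } }];

function demo() {
  let i = 0;
  const fill = (act) => Object.fromEntries(act.fields.map((f) => [f, "constructed"]));
  return runFlow(SAMPLE[0], () => SAMPLE[++i], fill);
}
```

The second constructed response is the one a weak client mishandles: the password was accepted, but the status is still `INCOMPLETE`, so `runFlow` keeps going until the TOTP step is accepted as well.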