Consistent Authentication
Authentication mechanisms are consistent for all identity types (employees, workers, blue/white collars, generic accounts, etc.).
For instance, generic accounts can have their own set of rules, from password to lifecycle or ownership.
Security mechanisms
My-Access comes with built-in blocking mechanisms in case of repeated unsuccessful login attempts using authentication means managed by Memority (e.g. OATH OTPs, My-Keys Premium, SMS/email OTP, passwords, etc.). The associated security measures can be configured (number of unsuccessful attempts, suspension duration, manual procedure, etc.). Customers can choose what actions users will need to perform after too many unsuccessful attempts:
Wait until the account is automatically unlocked (configurable duration)
Reset password or MFA authentication using Self-Service features
Ask an admin to unlock relevant authentication means
Memority supports CAPTCHA implementations (e.g. reCAPTCHA, hCaptcha, etc.) to prevent brute-force attacks performed by bots.
Upon an unexpectedly high number of account locks following high volumes of unsuccessful attempts, My-Access can trigger the following actions:
Send notification to the affected end-user, their manager or administrators
Lock account at a higher level (admin unlock required)
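The lockout behaviour described in this section can be modelled as a small state machine. The sketch below is an added illustration, not Memority code or configuration: the class names, field names and default values are hypothetical, and it assumes that a self-service reset lifts a temporary suspension but not an admin-level lock.

```python
from dataclasses import dataclass, field

@dataclass
class LockoutPolicy:            # hypothetical settings, constructed for this example
    max_failures: int = 5       # unsuccessful attempts before suspension
    suspension_s: int = 900     # automatic unlock delay in seconds
    max_locks: int = 3          # suspensions inside the window before admin lock
    lock_window_s: int = 86400  # window used to count repeated suspensions

@dataclass
class AuthMeans:                # one authentication means (password, OTP, ...)
    failures: int = 0
    suspended_until: float = 0.0
    lock_times: list = field(default_factory=list)
    admin_locked: bool = False

def status(m, now):
    if m.admin_locked:
        return "admin_locked"
    return "suspended" if now < m.suspended_until else "active"

def attempt(m, policy, ok, now):
    """Apply one login attempt at time `now`; return (accepted, status, notify)."""
    if status(m, now) != "active":
        return False, status(m, now), False  # locked: reject even valid credentials
    if ok:
        m.failures = 0
        return True, "active", False
    m.failures += 1
    if m.failures < policy.max_failures:
        return False, "active", False
    # Threshold reached: suspend, and count this lock toward escalation.
    m.failures = 0
    m.suspended_until = now + policy.suspension_s
    recent = [t for t in m.lock_times if now - t < policy.lock_window_s]
    m.lock_times = recent + [now]
    if len(m.lock_times) >= policy.max_locks:
        m.admin_locked = True                # higher-level lock, admin unlock required
    return False, status(m, now), True       # notify user, manager or admins

def self_service_reset(m):
    """Assumption: self-service clears a suspension, never an admin-level lock."""
    if not m.admin_locked:
        m.failures, m.suspended_until = 0, 0.0

def admin_unlock(m):
    m.failures, m.suspended_until = 0, 0.0
    m.admin_locked, m.lock_times = False, []
```

Rejecting valid credentials while the means is suspended is what makes the suspension effective against guessing: a correct guess during the lock window gives the caller no signal.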
Limited information
Memority follows common guidelines to share as little information as necessary during the authentication process. As such:
Typed credentials are always hidden.
Upon authentication failure, no additional information is shared as to why the authentication failed.
Token Information
SSO token validity period is configurable in Memority, as well as token expiry for idle sessions. Using Authentication Step-Up, Memority can ask for a stronger authentication if users try to log in to more critical applications.
Additionally, authentication token content is configurable (user attributes, authentication levels, target application, etc.).
All interactions with Memority - internal and external - are encrypted. Credentials are either encrypted or hashed based on context. Additionally, token identifiers are randomly generated and therefore completely unpredictable. All security parameters (nonce, challenge, etc.) are 128 bits long.
Trusted Devices
Memority can recognize common devices to streamline user journeys by storing signed and encrypted persistent cookies in users' browsers. This allows Memority to:
Automatically identify the user making a logon attempt.
Seamlessly authenticate the user through a cryptographic challenge between Memority and the user’s browser.
Detect potential cookie theft.
These mechanisms can be paired with My-Access’s Risk-Based Authentication capabilities to implement dynamic authentication patterns.