Haventec Authenticate FAQs

Security

Q: Why is Authenticate more secure?

Haventec Authenticate decentralises your authentication across 3 different locations. To access your account, an attacker would need all 3 parts of the key: the secret key on your device, the one-time server key, and your PIN, which only you know because it is never saved anywhere. Even an attacker who obtains all 3 parts must use them before you re-authenticate, because Haventec Authenticate rolls your device secret key and the server key after every successful authentication.

Q: What do you mean, Two Factor Authentication (2FA) comes out of the box?

Because we have rebuilt authentication from the ground up, 2FA is built into our authentication process. Two-factor authentication is a combination of something you know, something you have, and something you are. With Haventec Authenticate we use something you know and something you have.

  • Something you know: The user knows a simple 4 digit PIN. Unlike other systems that use PINs, our PIN is known only to the user; it is never saved or stored anywhere, therefore it cannot be stolen by an attacker.
  • Something you have: Haventec Authenticate registers the user's device. We place an Authentication Key (secret) on the user's device. This Authentication Key is unique to each user's device. It is rotated every time the user successfully authenticates on that device.
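
The effect of rolling keys after every successful authentication, described in the two answers above, can be seen in a generic sketch. This is an added example, not Haventec's code or protocol: the class, function names, key derivation and the fact that the toy server briefly sees the PIN are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class RollingKeyServer:
    """Toy verifier (hypothetical): keeps a server key and keyed digest, never the PIN."""

    def __init__(self):
        self.records = {}   # device_id -> (server_key, verifier)
        self.alerts = []    # device_ids that presented a stale or wrong credential

    @staticmethod
    def _verifier(server_key, device_secret, pin):
        # Stretch the PIN with the device secret as salt, then key it with the server key.
        mixed = hashlib.pbkdf2_hmac("sha256", pin.encode(), device_secret, 50_000)
        return hmac.new(server_key, mixed, hashlib.sha256).digest()

    def enrol(self, device_id, pin):
        """Issue fresh device and server keys; returns the secret the device must keep."""
        device_secret = secrets.token_bytes(32)
        server_key = secrets.token_bytes(32)
        self.records[device_id] = (server_key, self._verifier(server_key, device_secret, pin))
        return device_secret

    def authenticate(self, device_id, device_secret, pin):
        """Return the next device secret on success, or None (and log an alert) on failure."""
        server_key, expected = self.records[device_id]
        presented = self._verifier(server_key, device_secret, pin)
        if not hmac.compare_digest(expected, presented):
            self.alerts.append(device_id)
            return None
        return self.enrol(device_id, pin)  # roll both keys after every success


def stolen_copy_outcomes():
    """Constructed scenario: a copied device secret and PIN, used after or before the owner."""
    server = RollingKeyServer()
    pin = "4821"  # constructed sample PIN
    stolen = server.enrol("phone-1", pin)
    # Case 1: the owner authenticates first, so the copied secret is already stale.
    server.authenticate("phone-1", stolen, pin)
    replay_after_owner = server.authenticate("phone-1", stolen, pin)
    # Case 2: the copy is used first; the owner's next attempt fails and raises an alert.
    owner_secret = server.enrol("phone-2", pin)
    copy_used_first = server.authenticate("phone-2", owner_secret, pin)
    owner_after_copy = server.authenticate("phone-2", owner_secret, pin)
    return replay_after_owner, copy_used_first is not None, owner_after_copy, server.alerts
```

In both cases the stale credential produces a failed attempt on a registered device, which is the event worth alerting on in a scheme of this kind.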

Q: Must my application use a 4 digit PIN?

No. Your application can use any number of digits for the PIN. Because Haventec Authenticate does not know or save the PIN, we do not restrict its length. The length of the PIN you use is down to your organisation's risk posture. We recommend a 4 digit PIN for a balance between security and usability.

User flows

Q: What does Haventec consider to be a "device"?

A device is any hardware or software that runs your application, including but not limited to:

  • Mobile phone
  • Web browser
  • Smart TV
  • Laptop
  • Desktop
  • Wearables
  • Internet of Things (IoT)

Q: Do my customers need to register their device to use Haventec Authenticate?

You can choose to automatically register a customer's device, or you can have your customer enter a registration code into their device to register it.

Have a look at our Sign up user flow for more details.

Q: How many devices can my customer register?

Your customer can register as many devices as they like.

Implementation

Q: Can I use Haventec Authenticate on-premises?

Yes, Haventec Authenticate can be deployed on-premises or you can use our demo cloud solution.

Q: What other services does Haventec Authenticate integrate with?

Haventec Authenticate uses industry standard integration patterns and protocols including but not limited to:

  • Active Directory (AD)
  • LDAP
  • OpenID Connect
  • SAML