miaa LoginEnhancer is a managed plug-in for an Identity Management Platform that works hand-in-hand with the miaa Widget. It allows you to implement conditional two-factor authentication and enhanced password policies.
In combination with the miaa Widget, the LoginEnhancer can:
- demand the user to renew the password under certain conditions (and disallowing the reuse of passwords). Typical conditions are:
- expiration, i.e. after a fixed period of time
- aging, i.e. after a number of logins
- entropy, i.e. when the password is too weak
- lock-out, i.e. after suspect behaviour
- convert legacy password hashing into a more robust hashing algorithm
- enforce different password policies for different segments of users
- challenge a user with a second factor authentication, such as a sms text message, under certain conditions (step-up authentication)
LoginEnhancer can also alert users in cases of suspect activity, such as too many failed login attempts, and in cases of known phishing attacks.
Please refer to On the use of passwords for some use cases.
Note: All Personally identifiable information (PII), including the password, is persistently stored in the Identity Management Platform only and miaa Cloudware does not persistently store any PII. Even though PII and the password can temporarily occur in volatile memory, it is not kept in any database nor any log of the miaa Cloudware.
The miaa LoginEnhancer is designed, set-up and operated using our Taking care managed life-cycle.
During the Build phase, our integration services will:
- Coordinate with web developers, mobile developers, IT, Identity Management Platform vendor and any third-party platform vendor in scope
- Tailor the rules to be adopted by the LoginEnhancer
- Tailor the configuration settings and API endpoints