Before the implementation of MFA, access to the application required authentication with a password, which was the knowledge attribute. To increase the level of credibility, a second authentication factor was introduced, which is based on the possession attribute. This means that in the authentication process, the user must prove that he has access to a trusted and assigned device.
A trusted device can be:
- A mobile application (KDPW Group Authenticator) installed on an Android or iOS mobile device.
The application can be downloaded for free from authorized stores - Google Play (Android), App Store (iOS - Apple), and its use is allowed only on phones with unbroken security of the operating systems of the indicated manufacturers. In order to act as the second factor of authentication, the mobile application should also be associated with the appropriate access account (user's digital identity), which is done after its installation by the user or
- A trusted web browser, used on a computer with a specific network and IP address, which the user authenticates as trusted when logging in (after confirmation using the mobile app).
The list of devices assigned to an access account and defined as trusted can be managed at the account management level, using the dedicated page https://identity.kdpw.pl. As part of this service, it is possible to remove devices from the trusted list and verify all authentication operations performed with a given device. Access to this resource also requires the use of multi-factor authentication.
User’s manual: access account for KDPW Group online applications