Learn how HyperID handles the process of authentication
HyperID employs an advanced authentication protocol that builds upon OpenID Connect and adds Multi-Factor Authentication (MFA) and an Encrypted Virtual Channel between SP Frontend and HyperID.
OpenID Connect is a widely used authentication protocol that enables users to verify their identity and authenticate themselves across multiple websites and applications without managing multiple passwords.
HyperID enhances OpenID Connect by implementing OAuth2.1 features and introducing MFA and an encrypted virtual channel to improve session security and address SSO vulnerabilities.
For more details about the OpenID Connect protocol and the OAuth 2.0 framework, see the OAuth2.0 vs. OpenID Connect section.
The encrypted virtual channel between SP Frontend and HyperID ensures that all user data is transmitted securely, protecting user privacy. This feature prevents SP Backend from identifying user information and rules out the possibility of impersonating the user and accessing HyperID data. This provides an extra level of security, ensuring that only authorized users can access their accounts.
More information about EVC is available in the dedicated Encrypted Virtual Channel section.
Multi-factor authentication (MFA) adds an additional layer of security to the authentication process, requiring users to provide two or more types of authentication before accessing their accounts. This feature protects against various types of attacks, including phishing, brute force, and credential stuffing attacks.
HyperID supports four types of second factors with varying levels of security including email, SMS, OTP, and dedicated MFA app featuring fingerprint recognition.
MFA options supported in HyperID
More information about MFA and available second factors can be found in the dedicated Multi-factor Authentication section.