Contact salesSign inSign up

Authsignal secures millions of passkey transactions out of our hosted Sydney region.

Authsignal secures millions of passkey transactions out of our hosted Sydney region.

Join us today!
Blog
/
Current article

Zero trust in consumer/B2C authentication

Last Updated:
December 3, 2024
Justin Soong
Zero trust in consumer B2C authentication
A short primer on zero trust

Zero trust is a security model that assumes that no user or device can be trusted, even if they are inside the network perimeter. This means that organizations must verify the identity of every user, device, and application before granting them access to resources. Zero trust is based on the principles of verify explicitly, use least-privileged access, and assume breach.

Verify explicitly means that organizations should verify the identity of every user, device, and application before granting them access to resources. This can be done through a variety of methods, such as multi-factor authentication, risk-based authentication, and behavioral analytics.

Use least-privileged access means that users should only be granted the access they need to perform their jobs, and no more. This helps to reduce the risk of unauthorized access to sensitive data.

Assume breach means that organizations should assume that their systems have already been breached, and that they should take steps to minimize the damage that an attacker can do. This includes implementing strong security controls, such as zero trust identity, and having a plan for responding to a breach.

Zero Trust Security Principles in the context of consumer identity and authentication
Zero Trust Security Principles in the context of consumer identity and authentication

Up until most recently zero trust principles have predominantly been applied to workforce identity use cases, alleviating archaic forms of network and application access controls like internal access via VPNs and transforming how organizations on-board and off-board employees.

The same principles can also be applied to consumer identities and authentication, and even more important to implement especially with the advent of rampant data breaches, session hijacking, and the exploitation of weak symmetric authentication factors like (passwords, pins, knowledge based answers - KBA, one time passwords OTP)

Try out our passkey demo
Passkey Demo
Applications of Zero Trust Identity in Consumer Authentication
  • Strong Multi-factor authentication. This is a type of authentication that requires users to provide two or more pieces of evidence to prove their identity, that is phishing resistant like Passkeys and FIDO2 security keys.
  • Risk-based authentication. This is a type of authentication that takes into account the risk level of a particular transaction when determining the level of authentication required.
  • Behavioral analytics. This is a type of authentication that analyzes user behavior to identify suspicious activity

Practical zero trust policies to implement in the context of consumer applications
  • Challenge with MFA as a default - Assume sessions have been hijacked or symmetric credentials breached, and apply a step up challenge flow as a default
  • New Device Risk - New devices are always a strong risk signal, track device ID's or fingerprints, and timestamp last MFA attempt
  • Device last authenticated timestamps - With friendly fraud on the rise, and poor consumer controls on devices (like lock screens, shared family devices) assume that the long lived sessions are prone to risk, create windows where there is high assurance that the user was who they said they were since the last successful authentication attempt and only forgo step up authenticaion if comfortable
  • High risk transactions - Regardless of legitamacy high risk transactions like high withdrawal amounts, and high velocity of transactions within a short window, transfers to new bank account numbers always pose an element of risk. The ability to offer a step up offers an important buffer between the customer and the final authorization, and adds a layer of transaction signing that can be verified
  • Behavior - Typically certain behaviors precede a high risk action, like changing a password, changing an address, followed by iniating a high value transaction. Being able to bring events in from disparate systems to build policies that have behavioral context allows effective targeting of specific bad actor behavior
  • OpenID/OAuth2.0 Claims - Use context from a Open ID auth flow when an application/relying party is requesting acess, together wuth the scopes that it's requesting are a place to overlay zero trust policies i.e. you may have an application or third party app that is contains a higher risk profile or requesting for claims that are more priveleged
  • Restrict authentication to high assurance factors - If the customer has opted in to higher assurance factors like Passkeys, Secuity Keys (Yubikey), Time based one-time passwords (TOTP) restrict the ability to use weaker factors
Authsignal's No Code Rules Engine allows for zero trust policies to be implemented in real time
Authsignal's No Code Rules Engine allows for zero trust policies to be implemented in real time

Authsignal's Drop in Passwordless Authentication orchestration suite

The great news is that implementing zero trust security principles into your consumer applications is very simple with Authsignal. Regardless if you're using an identity provider like Auth0/Azure AD B2C (Entra) or have your own identity stack, Authsignal's drop in solution allows your team to deploy these zero trust customer journeys very quickly, with our OpenID Connect integrations or our single API call you can explicitly verify your customer at crucial touch points.

Sign up for a free account and try out how easy it is to protect your customer accounts.

Subscribe to our monthly newsletter
Subscribe
Related Resources
No items found.
Talk to an expertDemo PasskeysView docs
Passwordless authentication
Multi-factor authentication
Fraud prevention
Zero trust
Flexible multi-factor authentication
Risk based authentication
Azure AD B2C
You might also like
Add MFA to Keycloak using Authsignal: A Step-by-Step Guide
December 9, 2024
Authsignal offers an easy-to-integrate solution that simplifies the process of adding MFA to Keycloak.
Keycloak
Multi-factor authentication
Integration
Managing Authenticators
Authsignal in partnership with MATTR claims authentication world first, binding Mobile Driver’s License (mDL) to Palm Biometrics
December 5, 2024
Authsignal has launched a world-first solution that binds a mobile driver's license (mDL) with Palm Biometrics.
palm-biometrics
Press Release
Biometrics Passkey-Binding: Ensure Digital Credential Ownership and Real Human Presence
November 19, 2024
Learn about biometric passkey-binding pairs facial recognition with cryptographic passkeys for secure, seamless authentication, protecting against phishing, deepfakes, and fraud while improving user experience.
Biometric authentication
Biometrics passkey binding
Passkeys
Secure your customers’ accounts today with Authsignal.
Passkey demoCreate free account

Authsignal is multi-factor authentication (passwordless authentication) as a service. Focused on powering mid-market and enterprise businesses to rapidly deploy optimized good customer flows that enable a flexible and risk-based approach to authentication.

AICPA SOC
LinkedInTwitter
Features
Passwordless AuthenticationPasskeysBiometric AuthenticationMulti-factor AuthenticationWhatsApp OTPNo-Code Rules EngineSingle View of the CustomerPalm Biometrics
Use Cases
Account Takeovers (ATO)
User Onboarding & Sign-up
SMS Cost Optimization
Fraud Protection
Existing Apps
View all Use Cases
Industries
Financial Services
Marketplace
FinTech
Crypto
View all Industries
Identity Providers (IDPs)
AWS Cognito
Auth0
Azure AD B2C
Duende IdentityServer
Keycloak
NextAuth.js
Open ID Connect (OIDC)
Ruby on Rails
Supabase
Coding Languages
C#
Java
Node.js
PHP
Python
React
Ruby
Compare
Twilio vs AuthsignalAuth0 vs Authsignal
Resources
BlogDeveloper DocsSolutions MarketplaceKnowledge BaseFree Figma Mobile Passkeys TemplateFree Figma Desktop Passkeys TemplateFree Figma WebApp Passkeys TemplateAboutContact
What is
Passwordless Authentication
What is MFA (Multi-Factor Authentication)?
United States
+1 214 974-4877
Ireland
+353 12 676529
Australia
+61 387 715 810
New Zealand
+64 275 491 983
© 2024 Authsignal - All Rights Reserved
Terms of servicePrivacy policySecuritySystem statusCookies