Push Authentication
Push authentication is a user-friendly method of verifying one’s identity when attempting to access a digital account or perform an online action.
Instead of manually entering codes or passwords, push authentication “pushes” a notification to your device, usually a smartphone, asking the individual to confirm the action. A push notification pop-up typically surfaces a simple requested action, such as selecting “yes” or tapping a checkmark.
One of the most broadly adopted use cases is when someone logs into an email account on their computer. With push authentication, after entering a username (and sometimes a password), a notification pops up on a pre-authenticated smartphone. It might say something like, “Someone’s trying to log in. Is this you?” The user can then tap a button to approve or deny the login attempt. This extra step adds a layer of security because even if someone else knows your password, they can’t log in without your permission from your trusted device.
Here are some examples of push authentication in action:
- When logging into an online account, like email, social media, or banking, a push notification is sent to a device, requesting approval to complete the login.
- When making a financial transaction or money transfer, a push notification confirms the action, helping prevent unauthorized transactions.
- As part of MFA, a push notification is used as the second step of verification after entering a password.
- When accessing a secure network or system remotely, a push notification ensures that only authorized users can gain entry.
- For sensitive actions like changing account settings, a push notification verifies that the user is genuinely trying to make the changes.
- Accessing confidential documents or files stored in cloud services can be secured with push authentication.
- Push authentication can be used for digitally signing important documents or contracts.
Overall, push authentication can make security more convenient for users while maintaining a strong level of protection against unauthorized access.