§Factor Strength Policies
Enterprise-grade MFA factor strength enforcement to address:
- Risk #10: Phishable factors (TOTP, SMS, email links, push approve)
- Risk #18: Weak factor combinations
- Risk #25: No phishing-resistant factor requirements
§Features
- Factor Classification: Phishable vs phishing-resistant
- Risk-Based Selection: Require stronger factors for high-risk operations
- WebAuthn Enforcement: Mandatory for admins and sensitive operations
- Policy Engine: Per-tenant configurable policies
- Factor Strength Scoring: 0-100 scale
- User Warnings: Educate users about factor security
- Factor Promotion: Encourage WebAuthn adoption
- Compliance Tracking: NIST AAL alignment
Structs§
- EnforcementResult - Factor strength enforcement result
- EnrolledFactor - Factor enrollment information
- FactorRecommendation - Factor selection recommendation
- FactorStrengthManager - Factor strength enforcement manager
- FactorStrengthPolicy - Factor strength policy configuration
- InMemoryFactorStrengthStorage - In-memory storage for testing
- UserFactorReport - User factor strength report
Enums§
- FactorClass - Factor classification based on phishing resistance
- FactorStrengthError - Errors that can occur during factor strength enforcement
- FactorType - MFA factor types with security classification
- OperationRiskLevel - Operation risk level determining required factor strength
- UserRole - User role determining factor requirements
Traits§
- FactorStrengthStorage - Storage trait for factor strength policies