in Authenticator 6.29 for Android and iOS
Accéder à la page en français → French version
Dear customer and partner,
We would like to inform you that the user journey to validate operations on mobile Authenticator through push notifications and fingerprints will slightly evolve in order to increase the security level.
All other scenario remain unchanged: Authentication via PIN, authentication in a service without PIN (silent mode), authentication via facial recognition.
The change will be deployed in Authenticator 6.29 for Android and iOS between June 15 and June 30.
Although the changes are very limited and quite self-explanatory, you may want to inform the users to avoid calls to your helpdesk. You will find below some examples and screen shots you can use to communicate.
Why are we changing the scenario?
Some customers have reported that in this scenario, a user may inadvertently accept an unsolicited notification by putting his finger on the fingerprint sensor. In order to avoid misacceptation, a user will be asked to explicitly accept or reject the transaction before authenticating himself.
Who is impacted?
If your users are equipped with Authenticator for Android or iOS with phones offering a fingerprint sensor, and you allowed biometrics in the service, then your users are authenticating with this scenario.
What is the impact?
The scenario will be similar to the Facial Recognition scenario. A new explicit “Accept/Reject” window is displayed first, then the user proceeds with the authentication. This avoids authentication by mistake, just in case the user was not the initiator of the request.