What is Push Authentication?

Definition and Purpose

Push Authentication is a form of Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) where a user is required to respond to a push notification on a linked mobile device. Overall, this method provides greater security by requiring an additional form of identity verification aside from a typical username and password. A 2019 study by Google stated that forms of 2FA can stop 96% of bulk phishing attacks.

How does Push Authentication work?

  1. User initiates login - First, the user accesses the system by entering their username and password. This is followed by a request sent via push notification to registered mobile devices associated with the user.
  2. Notification received - The user then receives the push notification, which typically includes data like login location.
  3. Verification - The user responds to the notification by accepting or denying the authentication request. Some systems also require the user to copy a randomly generated passcode from the device into the system.
  4. Access granted - If the request is approved and all other forms of authentication are correct, the system finally grants access to the user.
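
The four steps above, modelled as server-side Python (an added example, not code from the original page). `PushAuthServer`, its method names, the 60-second validity window and the six-digit passcode are assumptions; delivering the notification and checking the password are left to the caller.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

@dataclass
class Challenge:
    user: str
    code: str          # random passcode displayed on the device
    location: str      # login context shown in the notification
    expires_at: float
    status: str = "pending"  # pending -> approved | denied

class PushAuthServer:
    def __init__(self, check_password, clock=time.time, ttl=60):
        self._check_password = check_password  # first factor, supplied by caller
        self._clock = clock
        self._ttl = ttl  # seconds a request stays valid (60 is an assumed value)
        self._challenges = {}

    def start_login(self, user, password, location):
        """Step 1: verify the password, then create the push request."""
        if not self._check_password(user, password):
            return None
        cid = secrets.token_urlsafe(16)  # unguessable request id
        code = f"{secrets.randbelow(10**6):06d}"
        expires = self._clock() + self._ttl
        self._challenges[cid] = Challenge(user, code, location, expires)
        return cid

    def notification_for(self, cid):
        """Step 2: the data pushed to the user's registered device."""
        ch = self._challenges[cid]
        return {"location": ch.location, "code": ch.code}

    def device_respond(self, cid, approve):
        """Step 3: record accept/deny, only once and only while fresh."""
        ch = self._challenges.get(cid)
        if ch and ch.status == "pending" and self._clock() < ch.expires_at:
            ch.status = "approved" if approve else "denied"

    def finish_login(self, cid, typed_code):
        """Step 4: grant access if approved, unexpired and the code matches."""
        ch = self._challenges.get(cid)
        fresh = ch is not None and self._clock() < ch.expires_at
        if not (fresh and ch.status == "pending"):
            self._challenges.pop(cid, None)  # decided or expired: single use
        return bool(fresh and ch.status == "approved" and hmac.compare_digest(
            ch.code.encode(), typed_code.encode()))
```

A request that is still pending stays open so the login page can poll it; once it is approved, denied or expired, the first `finish_login` call consumes it, so a wrong passcode cannot be retried against the same request.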

Drawbacks of Push Authentication

Though Push Authentication does provide an extra layer of security when it comes to system access, there are some drawbacks that organizations should consider when implementing MFA systems:

  1. Dependency on mobile devices - If a user does not have a mobile device with them or if it is lost, stolen, or out of battery, they will not be able to access the system.
  2. Privacy - Push notifications can reveal information about the system that the user is trying to access or the location from which they are trying to access it.
  3. Infrastructure failure - If the notification system itself experiences technical issues, it can prevent users from accessing resources. This leads to wasted time and resources.

