The Best Ways to Use FusionAuth for Multi-Factor Authentication (MFA)

Hello Everyone ,

I'm currently utilising FusionAuth to create Multi-Factor Authentication (MFA) in an effort to strengthen the security of our application. Even though the material has been quite beneficial, I wanted to ask the community of some more tips and best practices.

I have the following specific queries:

Designing User Experience (UX): In order to guarantee a seamless and simple user experience, how have you incorporated MFA into your application's login process? Which UI/UX guidelines or design patterns have you discovered to be very successful?

Authenticator apps versus SMS: What aspects of employing SMS-based codes versus the authentication tool apps (such as Authy or Google Authenticator) did you take into account? Did user preferences or security considerations influence your choice in either direction?

Fallback Procedures: What backup plans do you have in place in case a user misplaces or deletes the authenticator app, losing access to their primary MFA method? In these situations, how can security and usability be balanced?

Scaling and Performance: Have there been any performance problems for those of you who have used MFA in large-scale applications? If yes, how did you respond to them?

Regulations and Conformance: Does your MFA deployment approach take into account any particular compliance requirements or legislation (such GDPR, HIPAA, etc.)? How did you make sure your implementation complies with these specifications?

https://fusionauth.io/articles/authentication/multi-factor-power-apps-authentication

I would be interested in knowing about your implementation process experiences and any difficulties you encountered. I would be grateful for any advice, code snippets, or tools you could provide.

Thank you in advance.

Hello there,
I feels like you are encountering some complex issues with running FusionAuth in Azure Container Apps and using KrakenD as a proxy.

For the Proxy Configuration Warning, be ensure that your FusionAuth instance is aware of the correct external URL and headers. You might need to set the FUSIONAUTH_URL environment variable appropriately.

Releated KrakenD, you could configure it to correctly handle the necessary headers for FusionAuth. Be sure your KrakenD configuration includes the necessary routes and headers for FusionAuth's admin and OAuth endpoints.

Consider checking the FusionAuth and KrakenD documentation for any specific configurations needed for Azure environments.

If the issue still did not get solved, you might want to reach out to FusionAuth support directly for more tailored assistance.

Hope it helps.

Hello @ehabmohsen66 The information you provided is very helpful. Thanks for it.

But can you elaborate on the google developer console?

Hi beezerk, thanks for detailing the issue. I think it's a misconfiguration or a bug. Have you tried updating to the latest version of FusionAuth to see if it resolves the problem?

Also, double-check your tenant and application settings to ensure MFA rules are correctly applied. If the issue persists, reaching out to FusionAuth support might be beneficial.

Hope it works!