Episode 138 - GluuFederation/identerati-office-hours GitHub Wiki

Title: What on Earth is silent MFA?

Channels

Description

Most IAM teams have done the right things: deploying modern MFA, supporting passkeys, and educating users about threats. But people still default to what’s familiar — passwords and TOTPs. In this episode, we unpack a new model: silent MFA. It’s invisible to users, phishing-resistant, and adopted instantly. If you’re rethinking how authentication should work for identities you don’t directly manage — in CIAM, B2B, or hybrid environments — this one’s for you.

Homework

Takeaways

  • ⚡ Relock technology enables enterprises to cryptographically recognize a browser; on a successful check, the Relock server can mint a JWT attesting that this browser is recognized. It's deployable as a SaaS or self-hosted.

  • ⚡ The server cannot impersonate the user because it has only one of the keys.

  • ⚡ The SaaS version can detect impossible travel from the client IP address, and can return some extra metadata derived from that IP address.

  • ⚡ The browser can continually re-check authentication in the background, even when the user is not actively asserting an identity.

  • ⚡ Jaded identerati are too quick to dismiss identity inventions. I forgot to ask if Relock uses Rust/WASM. But it reminds me of the Cedarling, which uses Rust code running cryptographic operations in WASM, in the browser, making new things possible, like 50µs authz decisions.

Livestream Audio Archive
