Out-of-Band authentication factors are identity signals that do not rely for their veracity on the same system requesting user authentication. For example, an SMS code sent to a mobile phone to enable a desktop login is likely to be an out-of-band identity factor. However, an SMS code sent to a mobile phone to enable an app login on the same phone is generally not an out-of-band identity factor, since proof of identity is being requested in order to use phone features, yet the identity "proof" being offered is possession of the very same phone.¶Such "in-band" authentication flows make compromise relatively easy if the phone has been stolen. Out-of-band authentication factors are generally considered to be significantly stronger proof of identity than in-band authentication factors.
Stay informed. Join our low-volume list for news and updates.