...
Level of assurance | Authentication Assurance | Identity assurance | Characteristics |
---|---|---|---|
LoA 1 | Username/password | No extra validation of the user's identity | For access to basic resources with little or no risk |
LoA 1.5 | Username/password + second factor | No extra validation of the user's identity | Protects the user and resources from compromised passwords |
LoA 2 | Username/password + tiqr, SMS or AzureMFA | The identity of the user is validated | For high level of confidence in the asserted identity. Often used for access to high risk resources |
LoA 3 | Username/password + YubiKey or FIDO2 | The identity of the user is validated | Same as LoA2, but with more secure authentication methods. |
A service or institution needs to choose which level of assurance is appropriate for protection. There are several ways a LoA can be requested for a specific service or part of a service.
Second Factor Only (SFO) authentication
...