Blog · March 7, 2026

Serverless MFA with Didit Biometrics & AWS Cognito

Discover how to implement robust, serverless Multi-Factor Authentication (MFA) using Didit's advanced biometric verification and AWS Cognito.

By Didit

Enhanced Security with Biometrics: Integrate Didit's Passive & Active Liveness detection and 1:1 Face Match to add a powerful, fraud-resistant biometric factor to your MFA flows, moving beyond traditional methods.

Serverless Architecture with AWS Cognito: Leverage AWS Cognito's user management capabilities and serverless functions (Lambdas) to build a scalable, cost-effective MFA solution without managing infrastructure.

Streamlined User Experience: Provide a seamless and intuitive authentication journey by replacing cumbersome OTPs with quick, accurate biometric checks, reducing friction for legitimate users.

Didit's Modular and AI-Native Advantage: Didit's platform offers a flexible, API-driven approach to identity, enabling easy integration of advanced biometric verification into any application, backed by AI and a Free Core KYC offering.

The Evolution of Multi-Factor Authentication (MFA)

In today's digital landscape, strong authentication is no longer optional; it's a necessity. Multi-Factor Authentication (MFA) has become the standard for protecting user accounts and sensitive data. While traditional MFA methods like SMS OTPs and authenticator apps offer an added layer of security, they can still be vulnerable to sophisticated attacks like SIM swapping and phishing. Moreover, they often introduce friction into the user experience, leading to abandonment or frustration.

The next frontier in MFA involves leveraging advanced biometrics, offering a more secure and user-friendly alternative. By integrating technologies like liveness detection and face matching, businesses can significantly elevate their security posture while simplifying the authentication process for their users. This shift is crucial for combating evolving fraud tactics and meeting rising consumer expectations for seamless digital interactions.

Building Serverless MFA with AWS Cognito and Didit Biometrics

Combining the power of serverless architecture with cutting-edge biometrics provides a robust and scalable solution for modern authentication. AWS Cognito is a fully managed identity service that makes it easy to add user sign-up, sign-in, and access control to your web and mobile apps. It supports various MFA options and integrates seamlessly with AWS Lambda for custom workflows. When paired with Didit's Biometric Authentication, you can create a truly next-generation MFA system.

The process typically involves using Cognito as the primary identity provider. After a user enters their username and password, a custom AWS Lambda trigger can invoke Didit's Biometric Authentication. This involves the user performing a liveness check and face match, confirming their physical presence and identity. Didit's Passive & Active Liveness detection ensures that a real person is present, not a spoofing attempt (e.g., a deepfake or a photo), while 1:1 Face Match verifies the user against a pre-enrolled biometric template or a reference image from their ID document.

This serverless approach means you don't need to provision or manage any servers, reducing operational overhead and allowing your authentication infrastructure to scale automatically with demand. It's a cost-effective and highly resilient way to implement advanced security measures.

Didit's Biometric Authentication: A Closer Look

Didit's Biometric Authentication is designed to provide comprehensive insights into both liveness detection and facial matching results within a single verification flow. The system captures a liveness session using advanced methods like ACTIVE_3D or FLASHING, extracts a face image, and then compares it to a trusted portrait_image (e.g., from an initial ID Verification). Both components — liveness and face matching — must pass for the overall authentication to be approved.

The biometric authentication report provides a detailed breakdown, including a liveness score and a face match similarity score. Key fields in the response include session_id, overall status (Approved, Declined, Not Finished), and detailed sections for liveness and face_match, each with their own status, scores, and potential warnings. For instance, a LOW_LIVENESS_SCORE or LIVENESS_FACE_ATTACK would trigger an automatic decline, as would a LOW_FACE_MATCH_SIMILARITY if it falls below configured thresholds.

Didit's system is highly configurable, allowing businesses to set review and decline thresholds for both liveness and face match scores. This flexibility ensures that the authentication process aligns with specific risk appetites and compliance requirements. By leveraging Didit's robust biometric capabilities, organizations can significantly reduce identity fraud risks and ensure that only legitimate users gain access.

Integrating Didit with AWS Cognito Workflows

Integrating Didit's biometrics into an AWS Cognito MFA flow involves custom authentication challenges and Lambda triggers. When a user attempts to sign in, Cognito can initiate a custom challenge, prompting the user to complete a biometric scan via their device. This challenge would direct the user to a front-end interface that integrates with Didit's SDKs to capture the liveness and face match data.

Once the biometric data is processed by Didit, the results are sent back to an AWS Lambda function. This Lambda function evaluates the liveness.status and face_match.status from Didit's response. If both are 'Approved', the Lambda function can then confirm the authentication challenge with Cognito, granting the user access. If the status is 'Declined' or if there are critical warnings like FACE_IN_BLOCKLIST or NO_FACE_DETECTED, the Lambda can reject the authentication, preventing unauthorized access. This modular architecture allows for fine-grained control over the authentication flow and enables businesses to build highly customized and secure MFA experiences.
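As an added example (not Didit's or AWS's own code), here is one way the verification Lambda described above could fail closed. The event fields are those of Cognito's VerifyAuthChallengeResponse trigger; fetch_decision, the report layout (warnings as a list of code strings) and the session id kept in privateChallengeParameters are assumptions.

```python
# Added example: Cognito VerifyAuthChallengeResponse trigger that fails closed.
# Warning codes named in the article; any one of them forces a rejection.
BLOCKING_WARNINGS = {
    "LOW_LIVENESS_SCORE", "LIVENESS_FACE_ATTACK", "LOW_FACE_MATCH_SIMILARITY",
    "FACE_IN_BLOCKLIST", "NO_FACE_DETECTED",
}


def fetch_decision(session_id):
    """Hypothetical placeholder: read the report server-side from Didit."""
    raise NotImplementedError("wire this to your Didit integration")


def is_approved(report, expected_session_id):
    """True only if the report belongs to this challenge and every check passed."""
    if not isinstance(report, dict) or not expected_session_id:
        return False
    if report.get("session_id") != expected_session_id:
        return False  # a result from another session must not be replayed here
    if report.get("status") != "Approved":
        return False  # covers "Declined" and "Not Finished"
    for part in ("liveness", "face_match"):
        section = report.get(part)
        if not isinstance(section, dict) or section.get("status") != "Approved":
            return False
        # Assumed layout: "warnings" is a list of code strings.
        warnings = section.get("warnings") or []
        if not isinstance(warnings, list):
            return False
        if any(not isinstance(w, str) or w in BLOCKING_WARNINGS for w in warnings):
            return False
    return True


def handler(event, context, fetch=fetch_decision):
    """Set answerCorrect for Cognito; every error path leaves it False."""
    request = event["request"]
    # Assumption: CreateAuthChallenge stored the Didit session id here.
    expected = (request.get("privateChallengeParameters") or {}).get("session_id")
    event["response"]["answerCorrect"] = False
    try:
        # The client's answer is only the session id; the verdict itself is
        # fetched server-side, so a client cannot submit a forged "Approved".
        if expected and request.get("challengeAnswer") == expected:
            event["response"]["answerCorrect"] = is_approved(fetch(expected), expected)
    except Exception:
        pass  # lookup failure or malformed report: keep the deny
    return event
```

Unknown warning shapes, a missing section and a failed lookup all end in a rejection, so a change in the report format degrades to denied sign-ins rather than to a bypass.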

How Didit Helps

Didit is at the forefront of AI-native identity verification, providing the open, modular identity layer for the internet. For businesses looking to implement serverless biometric MFA, Didit offers unparalleled advantages:

  • Advanced Biometric Authentication: Our platform includes state-of-the-art Passive & Active Liveness detection and 1:1 Face Match capabilities, crucial for robust MFA. These features are designed to detect and deter sophisticated spoofing attempts, ensuring that the person authenticating is indeed who they claim to be.
  • Modular Architecture: Didit's API-driven design allows for seamless integration into existing AWS Cognito workflows. Our developer-first approach means instant sandboxes, comprehensive public documentation, and clean APIs, making it easy for developers to embed advanced biometrics without extensive rework.
  • AI-Native & Fraud Prevention: Built from the ground up with AI, Didit's solutions are continuously learning and adapting to new fraud vectors. This means your MFA is always protected by the latest in fraud prevention technology.
  • Cost-Effective and Scalable: With Free Core KYC and a pay-per-successful-check model, Didit eliminates setup fees and allows businesses to scale their identity verification processes efficiently and affordably.
  • Orchestrated Workflows: Beyond just biometrics, Didit provides a no-code Business Console for orchestrating complex identity verification workflows, including ID Verification (OCR, MRZ, barcodes), Proof of Address, and AML Screening & Monitoring, offering a holistic approach to trust and security.

By choosing Didit, you empower your applications with a flexible, secure, and user-friendly biometric MFA solution that integrates seamlessly with serverless architectures like AWS Cognito.

Ready to Get Started?

Ready to see Didit in action? Get a free demo today.

Start verifying identities for free with Didit's free tier.
