Corbado Features

Sends a one-time passcode (OTP) via SMS.

Provides a one-time passcode (OTP) via voice-call.

Sends a one-time passcode (OTP) via email.

Supports hardware tokens, which are often USB-sized, fob-like devices that store codes.

Offers software tokens, which are applications installed on a mobile phone, wearable devices, or desktops and generate time-based one-time passcodes (TOTP) that a user can easily copy. Software tokens work both online and offline.

Allows biometric factors such as fingerprints, faceprints, voiceprints, or other biometric information to be used as an authentication factor.

Offers mobile push authentication, which is a user-friendly method that does not require a user to copy a code, but rather accept or deny an authentication using a mobile application. Mobile push authentication only works when a user is connected to the internet.

Analyzes users' IP addresses, devices, behaviors and identities to authenticate a user.

Allows the use of tokens on multiple devices. This feature can also be turned off if the user does not want this.

Offers encrypted backup recovery stored by the vendor.

Enables a seamless customer experience with self-registration and self-service functions, including account creation and preference management.

Verifies user identity with authentication, which may include multiple multi-factor authentication methods.

Scales to support growing a customer base.

Captures and manages a customer's consent and preferences to comply with data privacy laws such as GDPR and CCPA.

Offers users the option to sign in with social media accounts.

Integrates with directories or other data stores that house customer data to create a complete view of a customer.

Offers FIDO2-enabled authentication method

Works with hardware security keys

Offer users multiple ways to authenticate including, but not limited to: mobile push on trusted devices, FIDO-enabled devices, physical security keys, keycards, smart watches, biometrics, QR codes, desktop app + pin, and others.

Offers solutions when users are offline or do not have access to a mobile phone.

Expedites user logins using methods like a master password or password autofill.

Integrates the tool with your browser for easy use.

Integrates with your mobile device for use on mobile apps.

Enables user to use the tool across multiple devices.

Allows an employer or administrator to manage employee access.

Generates passwords for each of your logins.

Provides extra security by requiring an extra for of verification in addition to a password.

Analyzes and evaluates the quality and variety of your passwords.

Stores records like credit cards or receipts in addition to passwords.

Stores files in addition to passwords.

Connections use open standards such as SAML or RADIS.

Offers developers a mobile software development kit to seamlessly add biometric authentication into their applications.

Integrates with identity and access management (IAM) solutions to manage workforce authentication.

Integrates with customer identity and access management (ICAM) solutions to manage customer authentication.

Encrypts all data transfers using end-to-end encryption.

Provides audit trails to monitor useage to reduce fraud.

Complies with regulations for strong customer authentication such as KYC, PSD2, and others.

Keep identity attributes consistent across applications whether the change is made in the provisioning system or the application.

Enables administrators to create access policies and applies policy controls throughout request and provisioning processes.

Provides or integrates with a cloud based directory option that contains all user names and attributes.

Integrates with common applications such as service desk tools.

Offers an easy to understand user interface to make setup smooth.

Offers a mobile software development kit (SDK) for iOS, Blackberry, and Android.

Offers a software development kit (SDK) for web-based applications.

Possesses AI-driven triggers to determine when to require MFA or stronger authentication rather than always requiring it.

Builds profiles of known devices/environments per user and flags deviations such as new devices, new networks, and/or suspicious locations as higher risk.

Spot fraudulent behavior, such as account takeover attempts, credential stuffing, bots, and brute force attacks through the use of AI.

Uses machine learning to analyze past authentication events and suggest optimizations to security policies (e.g. thresholds, triggers) or to adjust rules over time.

Leverages AI to assign a risk score to a login attempt based on context, device, IP, historical patterns to dynamically decide whether to prompt for MFA, additional challenges, or allow seamless login.

Monitors behavioral signals including typing patterns, mouse movement, and/or touch/swipe dynamics to verify user identity either at login or continuously after login.

Uses computer vision, facial recognition, or other biometrics during onboarding or at risk events, with AI-based liveness checks to prevent spoofing or replay attacks.

Generates dynamic prompts to guide users through account recovery workflows.

Implements artificial intelligence to filter, rewrite, or block prompts that attempt to access unauthorized data, escalate privileges improperly, exploit system weaknesses, or otherwise re-provision customer access permissions.