Introducing Step-up MFA: Protect your users’ critical actions
Blog post from PropelAuth
Multi-factor authentication (MFA) is a core security control that PropelAuth projects can enable to protect both the login flow and sensitive in-app actions. Step-up MFA, also called transactional MFA, adds a further layer of protection for high-risk actions specifically: before such an action proceeds, the user must re-authenticate with a fresh TOTP code. Each resulting step-up grant is bound to one user, one action, and an expiration time, so a grant cannot be reused for another action, by another user, or after it expires, which closes off misuse and replay.

The mechanism is flexible enough to fit different workflows, such as demanding a code for every critical action, or granting time-limited access to a sensitive dashboard. It builds on PropelAuth's existing MFA support, includes protections against common attacks on MFA flows, and keeps an audit log of failed attempts for monitoring. Documentation is available for teams that want to implement it.
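To make the grant model concrete, here is an added illustrative implementation of the pattern described above (TOTP re-verification, then a single-use grant bound to user, action, and expiry, with failed attempts written to an audit log). It is not PropelAuth's code and does not reflect their SDK or API; the class and method names (`StepUpMfa`, `request_step_up`, `consume_grant`), the 300-second default TTL, the audit-record fields, and the secret and timestamps used in the usage section are all assumptions made for this example. The TOTP routine follows RFC 6238 (SHA-1, 30-second steps).

```python
import hashlib
import hmac
import secrets
import struct
from dataclasses import dataclass

TOTP_STEP = 30  # RFC 6238 default time step in seconds


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = (
        (digest[offset] & 0x7F) << 24
        | digest[offset + 1] << 16
        | digest[offset + 2] << 8
        | digest[offset + 3]
    ) % (10 ** digits)
    return str(code).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, unix_time // TOTP_STEP, digits)


@dataclass
class StepUpGrant:
    user_id: str      # the grant is bound to exactly one user ...
    action: str       # ... and exactly one action ...
    expires_at: int   # ... and stops working at this unix time
    used: bool = False  # single-use: consuming it once marks it spent


class StepUpMfa:
    """Illustrative step-up MFA service (hypothetical, not a real SDK)."""

    def __init__(self, ttl_seconds: int = 300, totp_window: int = 1):
        self.ttl_seconds = ttl_seconds
        self.totp_window = totp_window  # accept +/- this many time steps of clock drift
        self._grants: dict[str, StepUpGrant] = {}
        self.audit_log: list[dict] = []  # failed attempts only, for monitoring

    def _fail(self, user_id: str, action: str, reason: str, now: int) -> None:
        self.audit_log.append(
            {"user_id": user_id, "action": action, "reason": reason, "at": now}
        )

    def request_step_up(self, user_id: str, action: str, code: str,
                        totp_secret: bytes, now: int):
        """Verify a fresh TOTP code; on success issue a grant token for this action."""
        valid = False
        for drift in range(-self.totp_window, self.totp_window + 1):
            expected = totp(totp_secret, now + drift * TOTP_STEP)
            # constant-time comparison avoids leaking how many digits matched
            if hmac.compare_digest(expected, code):
                valid = True
        if not valid:
            self._fail(user_id, action, "invalid_totp", now)
            return None
        token = secrets.token_urlsafe(32)
        self._grants[token] = StepUpGrant(user_id, action, now + self.ttl_seconds)
        return token

    def consume_grant(self, token: str, user_id: str, action: str, now: int) -> bool:
        """Check every binding before the sensitive action runs; spend the grant on success."""
        grant = self._grants.get(token)
        if grant is None:
            self._fail(user_id, action, "unknown_grant", now)
            return False
        if grant.used:
            self._fail(user_id, action, "replayed_grant", now)
            return False
        if grant.user_id != user_id:
            self._fail(user_id, action, "user_mismatch", now)
            return False
        if grant.action != action:
            self._fail(user_id, action, "action_mismatch", now)
            return False
        if now >= grant.expires_at:
            self._fail(user_id, action, "expired_grant", now)
            return False
        grant.used = True
        return True


if __name__ == "__main__":
    # Constructed values for a local walk-through; not real credentials.
    secret, now = b"constructed-demo-secret", 1_700_000_000
    mfa = StepUpMfa()
    tok = mfa.request_step_up("user-1", "delete_account", totp(secret, now), secret, now)
    print("grant issued:", tok is not None)
    print("consume once:", mfa.consume_grant(tok, "user-1", "delete_account", now + 5))
    print("replay:", mfa.consume_grant(tok, "user-1", "delete_account", now + 6))
    print("audit log:", mfa.audit_log)
```

The design choice worth noting is that every check in `consume_grant` happens at the moment the sensitive action is executed, not only when the code was entered: a token stolen from one user, or obtained for a different action, or held past its TTL, fails the binding checks, and a second use of a valid token is refused as a replay. Each refusal lands in the audit log with a reason, which is what a detection pipeline would watch for.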