IBM Security Verify


This portal will be removed

In IBM’s effort to continue to streamline and simplify navigation for our customers, this Ideas portal will be shut down on February 28, 2023. We would ask that you use the main IBM Ideas portal at https://ideas.ibm.com/ or the IBM Security-specific portal at https://ibmsecurity.ideas.ibm.com/ to review, vote for existing ideas, or add new ideas.

Device Fingerprinting based on risk profile and the ability for user to opt-in to force MFA per Application

Currently, there does not seem to be any feature built-in in which devices are fingerprinted (uniquely tracked) and actioned upon (i.e., forcing MFA) based on risk factors such as sign-in location, device identity, etc. Ideally, devices could be fingerprinted so that users could choose, upon sign-in, to "mark" that device to not be prompted for MFA (per Application) during future login sessions, OR to opt-in to force MFA for future login session (per Application). There should be a configuration option to allow administrators to decide whether to allow users to be able to make the decision to opt-in or opt-out of MFA. Similarly, there should be a configuration option to turn on device fingerprinting and actioning.

This would be a beneficial feature as this would allow users to be able to control the security of their account more (by way of opting in to forced MFA). This would additionally allow "smarter" MFA prompts that the system could enforce when there is a higher sign-in risk for a particular session, such as when it is from an unfamiliar device.

  • Guest
  • Jul 5 2019
  • Future consideration
  • Guest commented
    9 Jul, 2019 02:08am

    Device fingerprinting will become available later this quarter (Q3 2019), however we do believe that user driven MFA is something that should be added to our backlog. We will accept this and consider for future develpment with regards to self-management of MFA enforcement.

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.