Russian developer "Multifactor" has added Max messenger to the list of two-factor authentication methods in the Multifactor system. According to CNews representatives, now to log in to your personal account and corporate resources, it is enough to confirm the action with a push notification.
The user enters their login and password, after which the Multifactor server sends a push to Max. Clicking the "Yes, it's me" button grants access, while the "No, it's not me" option blocks the attempt and notifies the account owner.
The method works with RADIUS, LDAP, SelfService Portal, OWA, AD FS, and Keycloak.
Previously, SMS codes or TOTP applications were used for the second factor. The former are insecure (SIM swapping), the latter require manually entering six-digit numbers. Push via a domestic messenger provides speed and protection against interception. "Multifactor" continues to replace Western solutions (Google Authenticator, Microsoft Authenticator) in the Russian corporate sector. You can connect the method right now in your personal account.