Advanced Topic: Authenticator Assurance Levels
What are authentication assurance levels?
Authenticator assurance levels (AAL) are a NIST standard that assess the degree of confidence and trust in an authentication.
Why are authenticator assurance levels important?
Authenticator assurance levels determine the strength of the authentication and level of security assurance provided by different authentication methods. There are three levels:
- AAL1: Little to no confidence in the asserted identity's validity. Simple, phishable authentication methods.
- AAL2: Moderate level of confidence in the asserted identity. Stronger authentication processes, including MFA.
- AAL3: Highest level of assurance in digital identity. Multiple phish-resistant authentication factors used, including a hardware based authenticator.
Beyond Identity and authenticator assurance levels
Beyond Identity's MFA solution meets AAL3 level standards. Our hardware bound authenticator leverages cryptographic keys for authentication, and meets advanced phish-resistant configuration such as verifier impersonation resistance.
AAL3 is a crucial part of a zero trust architecture. Check out our zero trust assessment for a full analysis on your authentication and device management practices and how to reach an optimal level of zero trust.