Security practitioners worldwide face the same challenge: provide robust security and enhanced user experience. In a landscape of continued change and evolution, knowing all of our options becomes difficult. The seemingly elusive solution is to provide our end users with a seamless experience while requiring them to perform powerful, phishing-resistant multi-factor authentication (MFA). While traditional MFA options, such as one-time passwords (OTP), are a step up from password-only authentication, they’ve proven increasingly inadequate in the modern world. It’s now fairly easy for bad actors to intercept OTPs sent via email or SMS. Hardware tokens, while secure, severely impact the user experience and are more prone to loss and damage. These downfalls highlight the need for a more resilient solution that confronts these weaknesses. Okta FastPass addresses these challenges head-on using a multi-layered approach to authentication through a single flow that provides: Possession factor FastPass authentication requests use a signed nonce.