Question:
We are testing adaptive MFA and need to find an easy way to get a low confidence score for the device in each login attempt? How can I achieve this?
Answer:
Auth0 adaptive MFA uses the user’s session cookie and the browser’s user agent to determine if it is a new device or not.
You may use Chrome’s incognito mode for testing multiple times and getting a low score each time. As an important note, it is required to close all of the incognito windows and then open a new one for the new test. Performing like this is needed because chrome shares cookies across open incognito windows. Hence, all incognito browsers should be closed first so that the session cookie from the previous test is recycled.
As a second step, you need to change the user agent of the incognito browser and set a random user-agent. Setting a random user-agent is possible from Chrome’s developer tools. I’m sharing a screenshot of how to do this below:
