Question:
How can I get low confidence scores for the MFA assessors used in adaptive MFA?
Answer:
-
In order to trigger a low confidence score for the
UntrustedIPs
assessor, one can perform an interactive login through a Tor browser. -
In order to trigger a low confidence score for the
NewDevice
assessor, for a returning user, one can 1) clear all browser cookies for the domain, and 2) alter theirUser-Agent
string (ex. use a different browser than the previous login attempt, or artificially alter the value using a browser plugin). For an example, you may check this FAQ. -
In order to trigger a low confidence score for the
ImpossibleTravel
assessor, for a returning user, one can perform an interactive login through a VPN service, where the VPN connection is done from different geolocation. The location needs to be far enough from the previous login attempt.