Dynamic offers multiple options for security at the transaction level when using Dynamic-powered embedded wallets. These options include no MFA (multi-factor authentication), Passkey MFA, and One-Time Codes MFA. It's important to note that transactional MFA is distinct from authentication MFA, which is used when the user logs in. This means a user can be protected with MFA during login and also be required to confirm actions when signing messages or transactions.

No Transactional MFA

No transactional MFA is currently in closed beta. Please reach out to us for early access if you are interested in testing this feature. No transactional MFA provides less user protection and should be used carefully (for instance, we advise against using this feature alongside phone login, unless authentication MFA is enabled).

In this mode, transactions for logged-in users are processed without any additional verification steps. While this offers a seamless user experience, it also increases the risk of an end user accidentally approving a transaction. It is recommended to use this mode only in low-risk scenarios or when heightened security is not a primary concern (e.g. signing messages or trading free NFTs).

One-Time Email Codes MFA

One-Time Email Codes MFA provides an additional layer of security by requiring the user to enter a one-time code when performing a transaction. This code is typically sent to the user’s registered email.

How it Works: When a transaction is initiated, a one-time code is sent to the user’s registered email. The user must enter this code to proceed with the transaction. This ensures that even if an unauthorized party gains access to the user’s device, they would still need the one-time code to complete a transaction.

Configuration:

  • You can enable One-Time Codes MFA in the Wallet Transactions section under the Embedded Wallets tab.
  • You can adjust the length of time before a session with OTC expires by clicking the gear to the right of the feature section once you’ve toggled it on.
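
The flow described above, sketched as an added example (not Dynamic's SDK or server code): a step-up gate that keeps the transactional OTC session separate from the login session and lets it expire on its own timer. The class name, method names, 6-digit code length and default lifetimes are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Hypothetical step-up gate. Class, method names and defaults are assumptions
// for illustration; this is not Dynamic's SDK or server code.
class TransactionOtpGate {
  constructor({ codeTtlMs = 300000, sessionTtlMs = 600000, maxAttempts = 5, now = Date.now } = {}) {
    Object.assign(this, { codeTtlMs, sessionTtlMs, maxAttempts, now });
    this.pending = new Map();       // userId -> { salt, mac, expiresAt, attempts }
    this.verifiedUntil = new Map(); // userId -> end of transactional MFA session
  }

  // Store only a keyed hash of the code so a leaked store does not reveal it.
  static mac(salt, code) {
    return nodeCrypto.createHmac('sha256', salt).update(String(code)).digest();
  }

  // Returns the code for delivery to the registered email; replaces any older code.
  issueCode(userId) {
    const code = nodeCrypto.randomInt(0, 1000000).toString().padStart(6, '0');
    const salt = nodeCrypto.randomBytes(16);
    this.pending.set(userId, {
      salt, mac: TransactionOtpGate.mac(salt, code),
      expiresAt: this.now() + this.codeTtlMs, attempts: 0,
    });
    return code;
  }

  verifyCode(userId, submitted) {
    const p = this.pending.get(userId);
    if (!p) return false;
    p.attempts += 1;
    if (this.now() > p.expiresAt || p.attempts > this.maxAttempts) {
      this.pending.delete(userId); // expired or guessed too often: force a new code
      return false;
    }
    const ok = nodeCrypto.timingSafeEqual(p.mac, TransactionOtpGate.mac(p.salt, submitted));
    if (ok) {
      this.pending.delete(userId); // single use
      this.verifiedUntil.set(userId, this.now() + this.sessionTtlMs);
    }
    return ok;
  }

  // A login session alone is not enough: signing also needs a live OTC session.
  maySign(userId, loggedIn) {
    return Boolean(loggedIn) && (this.verifiedUntil.get(userId) ?? 0) > this.now();
  }
}
```

The injected `now` clock exists so the expiry paths can be exercised deterministically; `sessionTtlMs` plays the role of the OTC session length set from the gear menu.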

Passkey MFA

Passkey MFA provides the most secure transactional MFA option. We strongly recommend this option for applications that handle money or trading.

Passkey MFA enhances security by requiring the user to authenticate using a passkey when performing a transaction. This method leverages the user’s device-based authentication mechanisms (e.g., biometrics, device PIN) to confirm their identity.

How it Works: When a transaction is initiated, the user is prompted to authenticate using their device’s passkey mechanism. This could be a fingerprint scan, facial recognition, or entering a device PIN. Once authenticated, the transaction proceeds as normal.

Configuration:

  • You can enable Passkey MFA in the Wallet Transactions section under the Embedded Wallets tab.
  • You can control whether a Passkey is required at signup by clicking the gear to the right of the feature section once you’ve toggled it on.
  • You can control whether a user can add more than one Passkey in the same configuration section as mentioned above.

Important Notes

Transaction and Message Signing UI

Dynamic offers a customizable transaction and message signing UI, enhancing the user experience by providing clear and intuitive confirmation prompts. These prompts ensure users are aware of and can confirm actions before they are executed, adding an extra layer of transparency and security.

Features of Transaction and Message Signing UI:

  • Provides clear, user-friendly confirmation prompts for transactions and message signing.
  • Helps prevent accidental or unauthorized actions by requiring user confirmation.
  • Can be customized to match the look and feel of your application.

Turning Off Signing Confirmation UI: You can disable the transaction and message signing UI via an option in the Dynamic dashboard. This can be useful in scenarios where speed is a priority and the risk of unauthorized actions is minimal, or when you control your own UI to show a similar confirmation screen.