Overview

The musthave multi-factor(MFA) / twofactor(2FA) authentication module that uses the Mendix core login/authentication capabilities together with an additional layer of security. It creates a usersession after user+password AND an additional code is validated. It supports all the common ways to create/validating codes like SMS, e-mail and (Google) Authenticator app or passkeys.

24-12-2025: React compatible + Passkeys feature!

🔐 What are Passkeys?

Passkeys are a modern, secure way of signing in without using passwords.

They are based on public-key cryptography and are bound to the user’s device, protected by biometrics (such as Face ID or fingerprint) or a PIN.

This makes them phishing-resistant and more user-friendly than traditional passwords.

👤 End-User Flow

1. Register a passkey
2.  The user chooses to add a passkey in their profile.
3.  The device securely stores the private key (for example in Secure Enclave or TPM).
4. Sign in with passkey
   • User enters username
   • Selects Sign in with passkey
   • Confirms using biometrics or device PIN
5. Access granted
6.  The server verifies the cryptographic signature → user is logged in,
7.  without any password being transmitted or stored.

✅ Benefits

• No passwords required
• Phishing-resistant authentication
• Faster and more convenient login
• Compliant with modern security standards (FIDO2 / WebAuthn)

Documentation

See documentation on https://github.com/Emixa-application-solutions/multifactor-authentication