9 Trusted Authentication Methods for E-Signature Transactions Use these authentication methods for e-signature alone or in combination (single or multi-factor authentication), depending on the risk level of your process:
- Email authentication: The signer is sent an email, inviting them to access the e-sign ceremony by clicking a link. Authentication happens with a successful login to the email account + clicking the link.
- Login credentials: Login requires a valid user ID and password. Single Sign-on (SSO) e.g., through an organization's portal, is also a method to access the system and e-sign transactions.
- Secret question challenge: The signer must successfully answer challenge questions. These are referred to as “shared secrets” because the question and answer sets are known by both parties and pre-selected ahead of time (e.g., what is your SSN, application ID, policy number, etc.).
- SMS authentication: A unique PIN is automatically generated and sent to the signer’s cell phone. The signer enters it into a browser to authenticate.
- Dynamic KBA: Integrated with 3rd party ID verification services like Equifax or Experian, the signer is presented with knowledge questions on the fly to authenticate their identity before signing.
- Digital certificates: Issued by 3rd parties like Trust Service Providers (TSP) and certificate authorities (CA), signers pass authentication requirements prior to signing by combining the certificate with a PIN or password.
- Smart cards & derived credentials: Federal employees and contractors require a smart card or mobile derived credentials when e-signing. This is a form of multi-factor authentication: the smart card or mobile device (something you have) combined with the user’s PIN (something you know).
- DIGIPASS: DIGIPASS® is a line of multi-factor authentication solutions that support strong authentication with one-time passwords (OTP) and visual cryptograms during the upfront user authentication and at the time of e-signing documents.
- Biometrics: Biometrics are typically used for high risk, high value transactions with existing customers. Face “selfie” and fingerprint authentication quickly validate user identities for e-signature.