The security of computing resources and associated data is of high importance in many contexts. As an example, organizations often utilize networks of computing devices to provide a robust set of services to their users. Networks often span multiple geographic boundaries and often connect with other networks. An organization, for example, may protect its networks using different authentication methods for user access. To enhance data security, numerous techniques have been developed. For example, the use of username and password combinations has become ubiquitous in various access control contexts.
Additional techniques are also often used in addition to or instead of usernames and passwords. For resources that require greater security, more complex methods are generally advisable; for example, multi-factor authentication (“MFA”) or two-factor authentication, which requires a user to provide two or more types of credentials in order to gain access to the network resource. Generally, MFA combines two or more independent user credentials, one that the user has knowledge of (e.g., a username/password) and one that the user is provided or something the user possess (e.g., a security token), thereby making it more difficult for unauthorized access to a physical location, computing device, network, database, etc.
MFA commonly includes a user providing a username/password combination to a network resource provider and receiving an authentication code in response, where the authentication code is transmitted to a user's predetermined or preauthorized device (e.g., receiving the authentication code via a short message service to a mobile device). Conventional implementations of MFA are often inflexible and, as a result, can cause an unfavorable user experience in certain situations. For example, MFA may require a code be sent to a mobile device, but the mobile device may lack network connectivity in some locations. As another example, a user may have multiple mobile devices and may not have the same device with him/herself at all times. Consequently, MFA, while increasing security, can make authentication processes difficult and, at some times, impossible.