Stealth mode denotes a security feature of 2-factor authentication schemes that provides the following extra security:
- No information about users or authentication tokens is leaked to adversaries (no user enumeration).
- An adversary cannot obtain information about the correct password (not even by trying a few frequently used passwords).
This only applies if the simulation of the second factor cannot be distinguished from the real second factor.
Stealth mode is applicable to 2-factor authentication schemes performed in 2 steps:
- Usually username/password authentication.
- Authentication token such as SMS, OTP, grid card etc. An authentication method may be selected based on user data (see also Selection of authentication method (mixing multiple token-types)).
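The two-step flow described above, as an added sketch that is not code from the product this page documents. It assumes that step 1 always proceeds to the token prompt and that the true result is only revealed after step 2; the names `step1`, `step2`, `USERS` and `SESSIONS`, the user `alice` and all values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SALT = b"constructed-salt"  # constructed sample value

def pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)

# Constructed sample user store; the static OTP stands in for a real
# token verifier (SMS, OTP generator, grid card).
USERS = {"alice": {"pw": pw_hash("correct horse"), "otp": "492817"}}
DUMMY_HASH = pw_hash("placeholder")  # compared for unknown users
SESSIONS = {}

def step1(username: str, password: str) -> dict:
    """Step 1: always answer 'token required', whatever the check found."""
    user = USERS.get(username)
    expected = user["pw"] if user else DUMMY_HASH
    # Hash and compare on every path so unknown users cost the same work.
    matches = hmac.compare_digest(pw_hash(password), expected)
    sid = secrets.token_hex(16)
    # The real outcome stays server-side, bound to the session.
    SESSIONS[sid] = {"user": username, "step1_ok": matches and user is not None}
    return {"session": sid, "next": "otp"}

def step2(sid: str, token: str) -> dict:
    """Step 2: real token check, or a simulated one if step 1 failed."""
    state = SESSIONS.pop(sid, None)  # one attempt per session
    user = USERS.get(state["user"]) if state else None
    # Simulation: compare against a throwaway random value.
    expected = user["otp"] if user else secrets.token_hex(3)
    token_ok = hmac.compare_digest(token.encode(), expected.encode())
    if state and state["step1_ok"] and token_ok:
        return {"result": "ok"}
    return {"result": "denied"}  # one generic failure for every cause
```

An unknown user, a wrong password and a correct password all produce the same step-1 response, and every failure ends in the same denial after step 2.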