My main SaaS business deals with patient information, and I not only made sure it was HIPAA compliant, but also implemented some additional security features.
I’m in the process of extracting 2 of these features into a simple API so I can build a product around them. Both are ways to enhance user authentication for SaaS apps:
2-factor authentication as a service: this one would handle the 2nd authentication step, either using time-based tokens or SMS. I know it’s nothing new, there are a couple of services doing this. I would just try to position it a little bit differently and make it dead simple to implement.
Suspicious login detection: this is a simple API call. After you authenticate your user, give me their user id and IP address and I’ll let you know if that login is suspicious based on their login history, geo location and other heuristics. You can choose what to do next. Based on your settings, I can even handle emailing the user with an unlock token or warn them of the unusual activity in their account.
These 2 features could save a few days of development and ongoing maintenance. Would you pay to add this extra layer of security to your SaaS? If so, how much?
Thanks in advance!