The short answer: NIST (National Institute of Standards and Technology) Digital Identity Guidelines define assurance levels that determine how confidently a platform can verify who someone is — both at enrollment (IAL) and at login (AAL). Proof uses these frameworks to meet compliance requirements, reduce fraud, and protect user data.
IAL and AAL work together as part of a layered security approach:
- Identity Assurance Levels (IAL) focus on how confidently an organization can verify a person is who they claim to be during initial enrollment.
- Authenticator Assurance Levels (AAL) determine how securely users prove their identity during subsequent logins.
IAL2 — Identity Assurance Level 2
IAL2 is the middle of three identity proofing levels and strikes a good balance between strong protection and user convenience. To be IAL2-compliant, a platform must do both of the following:
- Validate a government-issued photo ID.
- Confirm the authenticity of identifying information through record checks.
Businesses, title agents, and lenders can choose IAL2-compliant identity verification when creating certain transactions. An IAL2-compliant identity verification transaction on the Proof platform includes knowledge-based authentication, credential analysis of a primary ID, and selfie comparison.
Learn more about how to create transactions that use IAL2 identity verification:
AAL2 — Authenticator Assurance Level 2
AAL2 is the middle of three levels that determine how users prove their identity at login. To be AAL2-compliant, a platform must use multi-factor authentication (MFA) — requiring users to provide two different types of verification.
Users must provide #1 and either #2 or #3 from the list below:
- Something they know (like a password)
- Something they have (like a security key)
- Something they are (like a fingerprint)
AAL2 significantly reduces the risk of account takeovers and unauthorized access compared to single-factor methods, making it essential for protecting valuable data and transactions.
Summary Checklist
- IAL2 requires validating a government-issued photo ID and confirming identity through record checks.
- IAL2 on Proof includes KBA, credential analysis, and selfie comparison.
- AAL2 requires MFA: a password plus a security key or biometric.
Updated