Updated: Jan 20, 2020
As consumers, most of us have experienced multi-factor authentication (MFA) when logging into one of our online accounts. Banks and financial institutions, in particular, have adopted MFA as a second layer of security because it requires a user to provide more than a single password to access the network. The system generally asks the user for additional factors to verify their identity, which might include a security question, or a one-time password (OTP) sent as a text, email, or phone call. Alternatively, for an in-person transaction, multi-factor authentication could consist of scanning a smart card, scanning a fingerprint, or facial recognition.
What is multi-factor authentication?
In addition to these real-life examples of MFA, security experts define this type of security as a way of combining two or more independent credentials, including what the user knows (e.g., a password), what the user has (e.g., a security token such as a smart card) and what the user is (e.g., a biometric verification like a fingerprint). To put it simply, multi-factor authentication is a combination of something the user has and something they know.
Why aren’t passwords enough?
Online passwords are a pain! Not only do individuals get annoyed having to manage their user ID and password login information, but it’s also more stressful for IT professionals and password managers because it requires maintaining a password database. Even when encrypted, password databases are now an easy target for hackers. As processing speeds have increased and costs have come down, it’s possible for even low-end password cracking tools to produce 500,000,000-plus passwords per second! At that rate, passwords alone are no longer sufficient for keeping customer data safe and safeguarding corporate networks and assets, especially in today’s cloud era, where enterprises have business-critical apps running in the cloud and many remote workers and external business partners accessing that information.
What are my options for MFA?
With more remote workers and an increase in data breaches and cybersecurity attacks, it is vital to select the right authentication method to secure corporate data and the identities accessing that data. When looking at multi-factor authentication solutions, remember it’s generally a trade-off between maintaining security and convenience along with productivity. Here are some important considerations for selecting MFA options.
Be sure users are trained to avoid workarounds - Sometimes increased security measures can mean decreased usability. While the inconvenience level is pretty low for MFA, it’s still essential that users are adequately trained to use the solution and that they know how important it is to follow the steps when accessing the network or applications. If the MFA solution is implemented properly, it should not present much of an inconvenience, take away from productivity, or prompt individuals to look for workarounds.
Use MFA everywhere - You wouldn’t lock your front door but leave your garage door wide-open all night. The same is true for multi-factor authentication solutions. For them to work and provide that second layer of protection, organizations need to commit to using them for every application, network, and data source. MFA is way more effective when it’s used consistently across the organization.
Consider combining MFA with other security tools like single sign-on (SSO) - Combining MFA with other identity security solutions such as SSO can help keep cybercriminals out while eliminating the burden on employees to manage their passwords. SSO is helpful because it removes the need to create and remember a separate password for each application. Because passwords are often created quickly in these environments, they are generally weak and easily guessed. SSO and MFA combined can help create more secure cloud applications and data across the enterprise while eliminating frustration around password issues.
Organizations looking to minimize the risk of unwanted access to cloud-based applications, networks, and systems should consider passwords as a starting point. By leveraging a smart password policy and multi-factor authentication, IT teams are putting just one more obstacle between their data and cybercriminals or unwanted access. Taking steps to adopt MFA and SSO today may make the difference between maintaining a secure environment and missing the mark.