Multi-factor Authentication adds another layer of defense against hacking attacks.
Stolen passwords are among the top causes of company data breaches. A Verizon study revealed that about 81 percent of security breaches leveraged either stolen or weak passwords.
Due to the growing number of data breaches involving stolen passwords, many companies today are turning to multi-factor authentication (MFA) technology to mitigate password risk. While a user login and password remain a critical part of security, they are no longer enough to reduce the risk of compromised credentials, especially with the rise of cloud adoption. One study revealed that about 90 percent of user-generated passwords can be cracked in less than six hours.
How Does MFA Work?
MFA, sometimes referred to as two-factor authentication (2FA), adds another layer of defense against hacking attacks, making it more difficult for hackers to access your company’s applications and networks. It requires users to provide two or more methods of authentication to verify their identity to log in or complete a transaction.
MFA uses a combination of two of the following three options to verify identity:
- Knowledge factor or something you know, such as a password or pin number
- Possession factor or something you have, such as a mobile device
- Inherence factor or something you are, like a fingerprint or voice
Although an MFA solution provides a lot of benefits, it only works if it’s implemented properly. Successful MFA implementation requires careful planning in order to avoid complexity and improve user experience, while also strengthening security.
Best practices to consider for a successful MFA implementation and adoption:
1. Apply MFA across all access points and users
MFA is most effective when you apply it across all users (end and privileged) and across all access points within your company (including on-premise and cloud resources and applications, servers, endpoints, and privileged commands).
Deploying MFA in pockets or silos may leave your company vulnerable to attacks, such as unauthorized access and password-based cyberattacks. It’s just the same as locking the front door of your house and leaving your back door wide open.
2. Integrate adaptive, context-based authentication
Context-based authentication improves threat alert or fraud detection by leveraging contextual information — such as network, location, time of the day and device settings — to verify the user’s identity. For instance, if your employee is logging into his account via your company’s network, he could be granted access using his username/password credential. But, if he is logging in from an unknown network and device, he will be asked for additional authentication factors.
Context-based authentication improves security and user experience because it doesn’t always ask for MFA. It only triggers the MFA when your system detects unusual context or behavior.
3. Provide a range of authentication methods
Today, a wide variety of authentication methods are available to companies, including:
hardware tokens (e.g., USB device, key fobs or Smart Cards)
- soft tokens (e.g., mobile apps that generate a One-Time Password or OTP)
- SMS/text message
- phone call
- security questions
Providing a choice of authentication methods allows your company’s users to choose which ones work best for their given situation. For instance, if a user’s smartphone isn’t connected to the internet, she can still use the OTP generated through the mobile app.
4. Opt for an MFA solution that adheres to standards-based security and certifications
Make sure that your MFA solution not only works well with your current IT infrastructure but also complies with such standards as Remote Authentication Dial-In User Service (RADIUS) — a network protocol that provides protection to networks against unauthorized access — and Open Authentication (OATH), an open technology standard designed to enable strong authentication for devices from multiple vendors.
5. Combine MFA with other identity security solutions
Combining MFA with other solutions, such as single sign-on (SSO), helps you further improve protection against cyberattack. SSO works by verifying your identity through MFA as you log in. Once your identity is authenticated, you are logged into your SSO software. From there you have access to the covered applications of the SSO software without the need to log in for each application or cloud service separately.
6. Continuously re-evaluate MFA
The threat landscape and IT infrastructure are constantly evolving, so you should carry out regular assessments to make sure your MFA technology is continuing to meet your company’s needs. Regular assessments allow you to detect any issues and determine if you need to make necessary adjustments to ensure that your MFA system continues to deliver value for your company.
Taking Your Security to the Next Level
In today’s complex, hybrid IT environment, companies should consider adopting multi-factor authentication to boost security, protect user identity and improve user experience.
To learn more about how to strengthen your company’s security with MFA, contact one of our experts today.