Thursday, 29 October 2020 15:39

Beyond the password: why MFA is vital for IT security

By
Ashley Diffey, Ping Identity Ashley Diffey, Ping Identity

GUEST OPINION by Ashley Diffey, Ping Identity Country Manager Australia, New Zealand and Japan: Since the early days of the information technology revolution, the task of ensuring effective digital security has relied on the humble password. Used to confirm an individual’s identity, they’ve acted as the keys to vital systems and data stores.

Unfortunately, however, passwords don’t provide the level of protection required in today’s online, interconnected world. Once stolen or guessed, they can be used by criminals to log in to applications and business systems, bypass other access controls, and wreak serious havoc.

There are also a concerning variety of attack vectors hackers can use to steal passwords or gain access. These include phishing attacks, brute-force attacks, web app attacks, point-of-sale intrusions, and even stolen hardware.

For this reason, it’s important that organisations move beyond passwords and embrace a different method of authenticating users. One of the most effective is multi-factor authentication (MFA).

The mechanics of MFA

MFA is used to ensure that digital users are who they say they are by requiring that they provide at least two pieces of evidence to prove their identity. Each piece must come from a different category:

Something you know: The most common example in this category is a password, but it could also be a PIN, a passphrase, or the answer to a question. It needs to be something known only to the individual being identified.

Something you have: The second category comprises items an individual is likely to have with them when trying to gain access to IT systems. Examples can include mobile phones, physical tokens, key fobs, and smartcards.

Something you are: This factor is often verified by a fingerprint scan on a mobile phone, but also includes anything that would be a unique identifier of your physical person. This could include a retinal scan, voice or facial recognition, or any other type of biometrics.
If one of the factors used been compromised by a hacker, the chances of another factor also being compromised are low. This, therefore, provides much stronger security than just a password alone.

MFA and mobility

As well as providing improved security for centralised IT systems and devices, MFA is also an effective way to enable enterprise mobility – something that is high on the priority list for any organisation undergoing a digital transformation strategy.

Studies show that productivity is increased when employees can use their preferred devices to easily and securely access all of the resources they need without being tied to a central office.

By using MFA to log via a VPN, they are able to have the flexibility and on-demand access that they require, while organisations can ensure their infrastructure remains protected.

MFA and customers

While usage of MFA tends to focus on an organisation’s staff, many are also extending its usage to customers. Organisations are encouraging customer use of MFA by explaining how it can not only enhance account security without significantly impacting their sign-on experience, but also make their other interactions more streamlined.

Some organisations are even opting to make an MFA capability available through their own customer-facing mobile applications. This makes it more appealing to use as customers don’t have to download and install a separate app on their chosen device.

Some may not feel the need to require customers to use MFA in all cases. For example, they might choose to bypass MFA in low-risk scenarios, while requiring stronger security in high-risk situations.

For example, a bank may allow a customer to log into their account online with just a password but then require a second authentication factor before any transactions can be completed. A retailer may allow access to their website but require stronger authentication before a purchase can be made or account details viewed.

Overall, an effective MFA strategy will balance the risks of compromised credentials against the impact on customer engagement. Any system needs to be easy to use and not become a barrier to interactions.

It’s clear that passwords can no longer provide the levels of security needed to protect IT systems and data. By embracing MFA, organisations can ensure they have vastly improved security for their infrastructure, staff and customers. Consider whether MFA is right for you.


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments