MFA goes above and beyond traditional passwords and PINs and requires users to provide an additional authentication factor. This could be anything from a face scan or fingerprint to a security code sent by SMS or generated by a local device such as a mobile phone.
Taking this approach significantly enhances security because, for a cybercriminal to gain access to an account or a network, they will need more than just a password. The likelihood that the same criminal will also have access to the user’s SMS messages or mobile phone is significantly lower.
Different authentication factors
There is a large range of additional factors that can be part of an MFA mix, but all fall into one of three categories:
• Something you know (knowledge): The most common knowledge factor is a password; others include PINs, passphrases, and security questions. Unfortunately, these factors have become less secure over time as users fall victim to phishing attacks, hackers steal or buy passwords on the dark web, and people openly share personal information on social media sites.
• Something you have (possession): This category includes physical devices such as mobile phones, tokens, key fobs, and smartcards.
• Something you are (inherence): These factors, also known as biometrics, are the unique physical traits all humans possess. They include fingerprint scans, voice or facial recognition, retinal scans, and other methods such as monitoring a heartbeat to ensure the party trying to gain access is a living being rather than a bot.
The business benefits of deploying MFA
Organisations that opt to deploy an MFA infrastructure stand to enjoy some significant benefits as a result. The top eight benefits are:
1. Increased security: When users are required to provide multiple credentials before they can access accounts or networks, it makes it very unlikely that hackers will be able to achieve the same thing. A recent survey conducted by Ping Identity revealed that security and IT professionals consider multi-factor authentication to be the most effective security control to have in place for protecting on-premise and public cloud data.
2. Reduced risk from compromised passwords: While passwords are the most-used form of authentication, they are also the least secure. Many people use the same password in multiple places or have one that is readily guessable. The 2021 Verizon Data Breach Investigations Report found that 61% of breaches in 2020 were executed using unauthorised credentials.
3. MFA is a highly customisable solution: Each authentication factor delivers multiple options and gives organisations the ability to customise the user experience. For example, users might have access to fingerprint scanners on their smartphones, but not retinal or voice recognition scanners. Two factors may be sufficient for some use cases, while others may require all three authentication factors.
4. MFA is compatible with Single Sign-On (SSO): MFA can be embedded into applications and integrated with a single sign-on tool. Users then no longer have to create multiple unique passwords or make the risky choice of reusing the same password for different applications when logging in. Together with SSO, MFA reduces friction while verifying a user’s identity.
5. Scalable for changing user bases: MFA can be readily adapted to suit an organisation’s particular requirements. When a single sign-on capability is added, MFA eliminates the need for multiple passwords, streamlines the login process, improves the user experience, and reduces the number of calls to IT departments for password assistance.
6. MFA improves regulatory compliance: As well as improving security and productivity, MFA may also help an organisation meet regulatory requirements. For example, the Payment Card Industry Data Security Standard (PCI-DSS) requires that MFA be implemented in some situations to prevent unauthorised users from accessing payment processing systems.
7. MFA enables enterprise mobility: The pandemic led to a significant rise in remote working and saw employees accessing centralised resources from outside the traditional corporate firewall. Using MFA to log into business applications, especially when integrated with SSO, provides the flexibility and 24/7 access employees need, while keeping networks and data protected.
8. MFA is adaptable for different use cases: Some situations call for greater security, such as high-value transactions and accessing sensitive data from unknown networks and devices. Adaptive MFA that uses contextual and behavioural data such as geolocation, IP address, and time since last authentication to assess risk can significantly improve security in these instances. If an IP address is considered risky or other red flags are raised, authentication factors can be added as needed to gain a higher level of assurance about a user’s identity.
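The adaptive policy described in item 8, written out as an added example (it is not from the original article or from any vendor's product): contextual signals are checked per request, and a third factor is demanded when enough red flags are raised. The network ranges, country list, thresholds and all function and field names are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed policy values for illustration; replace with your own.
TRUSTED_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("192.0.2.0/24")]
USUAL_COUNTRIES = {"AU"}
MAX_AUTH_AGE_S = 8 * 3600        # re-check after eight hours
HIGH_VALUE_THRESHOLD = 10_000    # transaction value that forces step-up

@dataclass
class LoginContext:
    source_ip: str
    country: str                 # result of a geolocation lookup done elsewhere
    known_device: bool
    seconds_since_last_auth: int
    transaction_value: float = 0.0

def risk_signals(ctx):
    """Return the red flags raised by this request (empty list = low risk)."""
    flags = []
    try:
        trusted = any(ip_address(ctx.source_ip) in net for net in TRUSTED_NETWORKS)
    except ValueError:
        trusted = False          # fail closed on an unparseable address
    if not trusted:
        flags.append("untrusted_network")
    if ctx.country not in USUAL_COUNTRIES:
        flags.append("unusual_geolocation")
    if not ctx.known_device:
        flags.append("unknown_device")
    if ctx.seconds_since_last_auth > MAX_AUTH_AGE_S:
        flags.append("stale_authentication")
    if ctx.transaction_value >= HIGH_VALUE_THRESHOLD:
        flags.append("high_value_transaction")
    return flags

def required_factors(ctx):
    """Baseline is two factors; add a biometric when risk is elevated."""
    flags = risk_signals(ctx)
    factors = ["knowledge", "possession"]
    if len(flags) >= 2 or "high_value_transaction" in flags:
        factors.append("biometric")
    return factors, flags
```

Returning the flags alongside the factor list lets the caller log why a step-up was demanded, which is what makes the policy auditable.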
MFA clearly has a lot to offer organisations of all sizes that are keen to improve their levels of security without bringing in overly onerous requirements for staff. Make 2022 the year you deploy MFA within your infrastructure.