Thursday, 02 April 2020 12:31

Overcoming objections to using multi-factor authentication

GUEST OPINION by Mark Sinclair

Multi-factor authentication (MFA) has been an effective security technique for years, yet many small and mid-sized Australian organisations are still reluctant to undertake a deployment.

Deterred by issues such as cost and complexity, these firms are missing out on something that can significantly improve the robustness of their core IT infrastructure. It’s a situation that needs to change quickly.

Why the reluctance?
MFA usage involves the combination of a number of different factors to improve the sign-on or log-in processes used by an organisation’s staff.

Factors include something an individual knows (a password or phrase), something they have (a hardware token or mobile device) and something they are (a fingerprint or face). These are combined in different ways depending on the organisation’s security requirements and acceptance by users.

Reluctance to make use of MFA techniques comes down to two perceived issues: cost and friction.
Many small and mid-sized companies are deterred by the anticipated required investment and believe the money would be better allocated elsewhere.

Often, company managers think they will need to deploy and manage a new on-premise server to operate the MFA infrastructure and then distribute hardware-based tokens to all users. They see these costs continuing to mount as the tokens need to be replaced or reset over time.

From a user perspective, MFA may be viewed as an imposition that increases friction by complicating their log-on procedures. Having to hunt in a bag for a token and then type in strings of numbers to gain access to IT systems appears more trouble than it’s worth.

MFA has evolved
Thankfully, MFA has evolved to the point where these issues have been resolved. Rather than requiring an on-premise server, MFA services can be delivered using a cloud-based platform as a Software-as-a-Service (SaaS) deployment.

This removes the need for investment in on-premise hardware and reduces ongoing management and maintenance. Users can be added, removed and managed quickly and easily.

For users, rather than needing a dedicated hardware token, codes can be delivered via a mobile phone. This removes the need to carry an extra item and can streamline the process.

Push notifications can be sent by the MFA system to a user’s device. Instead of having to enter a six-digit number, the user can simply respond to the notification with one press on their phone’s screen.

Mark Sinclair is ANZ Regional Director, WatchGuard Technologies

Read 1869 times

WEBINAR event: IT Alerting Best Practices 27 MAY 2PM AEST

LogicMonitor, the cloud-based IT infrastructure monitoring and intelligence platform, is hosting an online event at 2PM on May 27th aimed at educating IT administrators, managers and leaders about IT and network alerts.

This free webinar will share best practices for setting network alerts, negating alert fatigue, optimising an alerting strategy and proactive monitoring.

The event will start at 2pm AEST. Topics will include:

- Setting alert routing and thresholds

- Avoiding alert and email overload

- Learning from missed alerts

- Managing downtime effectively

The webinar will run for approximately one hour. Recordings will be made available to anyone who registers but cannot make the live event.



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.




Recent Comments