A password is not enough
As in many organisations, your workers use corporate and personal devices, and your applications, network, and data can be accessed remotely. IT must enable access to applications that is both seamless and secure, but with weak, default, or stolen passwords responsible for around 80% of all network and data breaches*, is ‘the password’ a secure enough system? The answer is no: a password grants access to anyone who enters it, regardless of whether that person is authorised. If you’re looking for the simplest and most effective way to make sure your users are who they say they are, then multi-factor authentication (MFA) is a must.
How does multi-factor authentication work?
With MFA you can authenticate the identity of a user with multiple independent credentials, or ‘factors’. Unless an attacker has all of the factors required, access will be denied. How does this work? These factors are mostly separated into 3 categories: knowledge factors (password, PIN etc.), possession factors (smartphone, laptop etc.), and inherence factors (biometrics). For example, a major flaw with passwords is that they cannot prove your identity. Biometrics solve that problem, because your biometrics are you. Similarly, push notifications delivered by an MFA app on your mobile device ensure you are in control of your access.
What to look for in your MFA solution
Any authentication solution must be effective against threats related to credential theft, and must have underlying security and reliability. You’ve correctly invested in the firewall, anti-virus software, and cloud security, but the reality is that without MFA, these security measures can be bypassed.
Policies and controls
As a best practice, you need to categorize any systems that give access to critical data and add MFA to those. Make sure you can enforce granular, contextual policies based on user, devices, and location to protect access to these applications. For example, is the user logging on from a new location for the first time? Make sure to add MFA into the mix here.
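A contextual policy of this kind can be sketched as follows. This is an added example, not code from any MFA product; the application names, the `PolicyEngine` class, and the rule that unmanaged devices are denied on critical apps are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed inventory of applications that hold critical data (assumption).
CRITICAL_APPS = {"payroll", "crm"}

@dataclass(frozen=True)
class LoginContext:
    user: str
    app: str
    device_id: str
    country: str
    device_managed: bool

@dataclass
class PolicyEngine:
    # (user, country) and (user, device) pairs seen in past *verified* logins.
    seen_locations: set = field(default_factory=set)
    seen_devices: set = field(default_factory=set)

    def evaluate(self, ctx: LoginContext) -> tuple:
        """Return (decision, reasons); decision is allow, require_mfa or deny."""
        reasons = []
        if ctx.app in CRITICAL_APPS:
            # Assumed rule: critical apps are reachable from managed devices only.
            if not ctx.device_managed:
                return "deny", ["unmanaged device on critical app"]
            reasons.append("critical app")
        if (ctx.user, ctx.country) not in self.seen_locations:
            reasons.append("first login from this location")
        if (ctx.user, ctx.device_id) not in self.seen_devices:
            reasons.append("new device")
        return ("require_mfa" if reasons else "allow"), reasons

    def record_verified(self, ctx: LoginContext) -> None:
        """Call only after the password and any required MFA both succeeded.

        Recording on password success alone would let a stolen password
        turn an unfamiliar location into a trusted one.
        """
        self.seen_locations.add((ctx.user, ctx.country))
        self.seen_devices.add((ctx.user, ctx.device_id))

if __name__ == "__main__":
    engine = PolicyEngine()
    first = LoginContext("alice", "wiki", "laptop-1", "GB", True)  # constructed
    print(engine.evaluate(first))   # step-up: new location and new device
    engine.record_verified(first)
    print(engine.evaluate(first))   # familiar context on a non-critical app
```

Critical apps always require MFA here regardless of how familiar the context is, which matches the advice to add MFA to every system that gives access to critical data.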
See what’s happening across your estate with insight into the users and devices accessing your apps and data. Make sure you can see authentication attempts and statistics.
If you’re correctly making your users undergo this process, at least make it efficient for them! The more intuitive the software and authentication methods available, the more flexibility your users have. Single sign-on (SSO) can actually speed up the login process, giving access to all applications after the first login via that device.
Popular methods include biometrics and push notification apps, the factors that are the hardest to break. Other methods include U2F security tokens, phone callback, mobile passcodes, hardware tokens, SMS passcodes, and bypass codes.
Scalable for growth
As your business grows, MFA needs to support new users, applications, and devices, without having to rip and replace the existing infrastructure. Consider how it may integrate with ongoing or future business initiatives, including Bring Your Own Device (BYOD), mobile enablement, or the adoption of cloud applications.
What are some examples of multi-factor authentication?
We recommend DUO MFA and Single Sign-On (SSO) solutions, which combine a robust underlying security infrastructure with a choice of authentication methods that make for an intuitive user experience. DUO Push allows users to approve push notifications and verify their identity via the DUO mobile app.
To learn more about DUO, watch our webinar ‘DUO Security for multi-factor authentication’.