Multi-factor authentication or MFA is becoming a standard for businesses as they move toward Zero Trust security strategies. Zero Trust security is the best way to protect a cloud-based environment with remote or hybrid workers.
What to Know About Choosing MFA Factors
There are different ways that you can use MFA and configure Zero Trust security architecture in your business, and one of your big goals in doing so should be the highest level of cybersecurity without impacting productivity negatively.
Multi-factor authentication is an authentication method that requires users to provide two or more verification factors to access something like a VPN, online account, or application.
MFA is part of identity and access management (IAM) policies. It goes beyond simply asking for something like a username and password, therefore significantly reducing the likelihood of a successful cyberattack.
With more people working remotely, MFA is one of the most important ways to protect your organization and improve security. Otherwise, usernames and passwords are vulnerable to brute force attacks, and they can be stolen.
There are a lot of ways you can configure MFA specifically, based on the needs and preferences of your users.
The factors in MFA fall into one of three categories. There is knowledge, or things you know. This might include a password or PIN.
The next category is possession or things you have, like a smartphone.
Then, there’s a third category, which is inherence. These are something inherent to the individual, like a biometric.
With cloud computing, MFA is even more important. If you’re in the midst of a cloud transformation, you are no longer relying on the physical security and control of an on-premises perimeter.
You need to have additional security put in place as your users access your systems at any time and from anywhere.
Below, we explore some of your options for choosing MFA factors.
Biometrics
The use of biometrics as a factor may seem advanced for your business, but the reality is that this is effective and perhaps more attainable than you might realize. With biometrics, you’re using a factor inherent to your user.
With the use of an inherent factor, your employees can’t forget it or lose it. It also makes it very difficult for a cyberattacker to phish or fake it, or intercept it.
For your employees, it doesn’t require much effort on their part, which is good from a productivity standpoint.
There can be some issues with cost and availability, though, and that’s undeniable.
For example, your employees’ computers might not universally have a biometric scanner, so you may have to invest in hardware.
Within the larger category of biometric factors, there’s facial recognition. This is used on smartphones already, and newer computers are increasingly offering facial recognition as a way of logging in.
It requires minimal effort from employees, but the downside is that it’s not available on all devices.
Fingerprint recognition isn’t standard on devices right now either, but there are fingerprint scanners available to plug into devices. Fingerprint scanners are increasingly becoming commonplace in businesses.
TOTP
TOTP is a time-based one-time password.
These are used to authenticate the identity of your users by sending a temporary, randomized, and unique code to an account or a device of the user.
The user then puts that code into whatever they are requesting access to.
This is secure because a cybercriminal would need to have possession of several user accounts and a device.
It is a phishable factor, though, which is why it’s not as inherently safe as biometrics. Granted, it takes a pretty sophisticated phishing attack to intercept a TOTP, but it’s possible.
A push notification can offer the ease-of-use and high-level security of a TOTP, but you don’t have to receive and then type in a time-sensitive code.
Instead, with a push notification, your employee’s phone receives a prompt asking them to tap a button, which verifies their identity when they’re trying to log into a work resource or application.
Tokens
There are software-based tokens, and there are also hard security tokens.
A hard security token requires equipment, which could include the aforementioned built-in fingerprint scanner.
They might require input codes.
There’s another type of token called a connected token. A connected token can be assigned to a user, and then they would plug that into a device, which would complete their multi-factor authentication.
The downsides of connected tokens are the fact that you have to pay for the hardware, and that can be a burden. Plus, there’s a chance your employees could lose their hardware, such as a security fob.
Disconnected tokens also require carrying something like a fob, similar to a connected token, but they instead issue a TOTP.
What About Single Sign-On?
Single sign-on (SSO) might be one component of MFA but not necessarily a replacement. Instead, in the ideal situation, SSO would be verified through MFA. SSO uses a single set of secured credentials so your employees can gain access to the IT resources they need to do their jobs.
If your users tend to struggle with the steps of the MFA process, or they don’t like having to go through these additional steps, SSO can alleviate some of the burden and help with productivity issues.
Overall, the big takeaway for choosing factors for MFA is that there’s no one solution that’s likely to work for everyone. You want to select an MFA solution with your employees and business needs in mind, and you want a variety of factors if you can.
You may also have to consider specific scenarios like how your users with sight or cognitive impairments might interact with MFA.
Layering MFA with SSO is going to help optimize productivity and reduce friction.
These are all things you’re likely to have to put a lot of attention on going forward, with remote work becoming more permanent.