Multi-factor Authentication (MFA) has always been a challenge for end users. Requiring a dedicated token for accessing business resources is cumbersome, and it has often derailed deployments. Mobile push notifications, SMS-based approvals, and more have all changed that paradigm.
But is mobile as secure as a dedicated token? Secure application access starts with securing and managing mobile devices, whether they are corporate-owned or bring-your-own-device (BYOD). The influx of mobile devices across the enterprise demands increased security, and it has contributed to the widespread deployment of MFA to secure identities and resources.
Providing an additional layer of security
In today’s sophisticated IT world, relying on simple username and password authentication is not enough to protect critical business data and systems against the growing number and type of cyber attacks. Hundreds of thousands of credentials have been compromised and made available to attackers, making password-based security by itself no longer effective.
Because MFA requires multiple methods for identification, it’s one of the best ways to prevent unauthorized users from accessing corporate data. But applying MFA only for certain apps or users still leaves your organization exposed. Implementing MFA across every user (end users and privileged users), and every IT resource (cloud and on-premises apps, VPN, and servers) blocks cyberattacks at multiple points in the attack chain and protects against compromised credentials.
With MFA, users provide extra information, or “factors,” when they access corporate applications, networks, and servers. MFA implementations use a combination of the following factors:
- Something you know, such as a username, password, PIN, or the answer to a security question.
- Something you have, such as a smartphone, one-time passcode, or smart card.
- Something you are, using biometrics like your fingerprint, retina scans, or voice recognition.
Protecting against cyber attacks
Attackers are relentless. They hunt, phish, spear phish, scam, and social engineer both end users and privileged users to infiltrate your organization. Once inside they look for opportunities to elevate their privileges and access additional resources. By limiting the usefulness of any compromised credentials that attackers may have acquired or created, MFA restricts their ability to move laterally within the organization.
In order to make MFA as painless and easy to use as possible, organizations can choose from a selection of authentication methods.
The Centrify Identity Platform, for example, allows IT security teams to choose from a comprehensive range of authentication methods, such as push notifications to a smartphone or smart watch, a soft token one-time password (OTP), interactive phone calls, security questions, existing software or hardware tokens, USB PKI keys, and smart cards. This provides the enterprise the protection it needs to secure mobile devices without sacrificing the convenience that users demand.