Tracking, securing, and mitigating risks involving online accounts, logins, passwords, and systems are daily tasks for any IT team. These priorities haven’t changed that much since COVID-19 started; if anything, these same activities have become more daunting.
The remote workforce requires IT teams to ensure employees have access to the resources they need, from any location, all while maintaining security throughout the business. However, they are now dealing with a long-time challenge: proactively protecting the identity and access of their employees to the company’s resources.
The exponential increase in applications and devices that employees use to make their jobs easier from home is also reducing visibility into potential threats to the organization. Authentication technologies help IT verify users and gain more insight into all the endpoints in use while providing security for approved users. With the right authentication solution in place, even if a user’s credentials are stolen, attackers can’t access an account without further verification factors.
Implementing MFA to improve employee security
In today’s remote work environment, there is a critical need to balance security with ease of use. Clunky hardware and manual authentication steps can slow down employees and cause frustration. Leveraging what the user already has and can easily access – like their smartphone and their fingerprint – offers a much more convenient experience for employees.
With MFA, a user must not only enter a username and password to access a business resource, but also use their device to swipe a finger or scan their face to confirm their identity. These elements are used to more accurately verify the user before granting access. High-risk scenarios or suspicious activity can trigger additional login requirements or verification steps.
Since passwords are so vulnerable – whether to phishing, social engineering, or even brute force – adding MFA strengthens the security of any password-protected account. Any access point, as well as business resources – from VPNs to SaaS apps – can be secured with MFA.
At LastPass, we recommend a few MFA methods for seamless access to the resources employees need to get their work done – whether in the office or working remotely:
- Two-factor authentication (2FA) is the most basic step. 2FA combines two distinct factors: a password (knowledge) and either a code generated by an app on a smartphone (possession) or a fingerprint swipe (inherence). This is a great starting point for organizations; however, it is a limited approach since it doesn’t fill all the gaps that different locations, personal devices, levels of access and attributes, as well as user behaviors bring to the enterprise.
- Contextual authentication is a type of MFA that adapts authentication requirements based on the context of the login. Through this process, on top of a password, contextual factors like the time of day, the geographic location, and the IP address from which the user is attempting to log in are taken into consideration. IT teams gain better context into the login to enforce stronger MFA requirements for suspicious activity, while employees are able to easily authenticate through a simple process.
- Passwordless authentication enables employees to securely log into their work without having to type a traditional username and password. Various factors are in place for the employee to authenticate easily without having to type in a password – for example, receiving a push notification on their phone, which after accepting requires their fingerprint to gain final access. The employee would complete two or more factors in alignment with the MFA policy without typing a password, which is an easier experience. The removal of the password from the user experience reduces potential concerns typically associated with password-based authentication.
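A sketch of the contextual authentication decision described in the list above, added here as an example and not LastPass code. The trusted network, usual countries, working hours, signal weights and factor names are all constructed assumptions.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed policy values (assumptions, not taken from any product).
TRUSTED_NETWORKS = [ip_network("203.0.113.0/24")]  # stand-in for office/VPN egress
USUAL_COUNTRIES = {"US", "DE"}
WORK_HOURS = (time(7, 0), time(20, 0))
WEIGHTS = {"untrusted_network": 1, "outside_work_hours": 1,
           "unusual_country": 2, "unparseable_ip": 3}


@dataclass
class LoginContext:
    user: str
    source_ip: str
    country: str          # ISO code from an upstream GeoIP lookup (assumed)
    local_time: datetime  # login time in the user's home time zone


def risk_signals(ctx: LoginContext) -> list[str]:
    """Return the contextual signals that make this login look unusual."""
    signals = []
    try:
        ip = ip_address(ctx.source_ip)
        if not any(ip in net for net in TRUSTED_NETWORKS):
            signals.append("untrusted_network")
    except ValueError:
        signals.append("unparseable_ip")  # fail closed on malformed input
    if ctx.country not in USUAL_COUNTRIES:
        signals.append("unusual_country")
    start, end = WORK_HOURS
    if not start <= ctx.local_time.time() <= end:
        signals.append("outside_work_hours")
    return signals


def decide(ctx: LoginContext) -> tuple[str, list[str]]:
    """Map the risk score to (action, factors required on top of the password)."""
    score = sum(WEIGHTS[s] for s in risk_signals(ctx))
    if score == 0:
        return "allow", ["push_approval"]
    if score <= 2:
        return "step_up", ["push_approval", "biometric"]
    return "deny", []
```

Logging the signal list alongside each decision gives IT the per-login context the article refers to, and lets the weights be tuned against real sign-in patterns.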
The ideal MFA solution offers flexible controls, scalability as the business grows, out-of-the-box configuration, and a user experience that employees love. Businesses need an integrated solution that supports existing applications, with policies and reporting that track a user from authentication to access for more control and visibility.
Stronger security, without slowing employees down
As businesses worldwide are working remotely, it is more important than ever to ensure every access point in the business is protected. With employees accessing work applications from multiple locations, MFA simplifies authentication to secure both the company’s resources and its people.
While there are multiple options and different facets of MFA to choose from, we strongly recommend adding MFA everywhere you can. From business applications, mobile devices and workstations, to the corporate VPN, by enabling MFA you can help secure every employee login regardless of where that login originates.
LastPass MFA protects your business with today’s leading technology while simplifying the login experience for employees. It goes beyond standard 2FA to ensure the right users are accessing the right data at the right time, without any added complexity. Learn more about how LastPass helps make authentication secure and seamless.
Gerald Beuchelt, Chief Information Security Officer, LogMeIn
Gerald Beuchelt is the Chief Information Security Officer at LogMeIn, makers of the password and identity management solution LastPass. He is responsible for the company’s overall security, compliance, and technical privacy program. With more than 20 years of experience working in information security, he is a member of the Board of Directors and the IT Sector Chief for the Boston Chapter of Infragard. In his prior role, Gerald was the Chief Security Officer for Demandware, a Salesforce Company. He holds a Master of Science degree in theoretical physics.