The goal: Ensure optimum security and preserve user convenience In today’s sophisticated IT world, relying on simple username and password authentication is no longer enough to ward off the growing volume and variety of cyberattacks. Because multi-factor authentication (MFA) requires multiple methods for identification, it’s one of the best ways to prevent unauthorized access to corporate data. At the same time, however, MFA must be reasonably easy to use to ensure high acceptance—adding too many steps can limit widespread adoption. In order to make MFA as painless and easy to use as possible, and avoid “too much MFA,” organizations should choose from a selection of authentication methods. What follows is a list of considerations to keep in mind when implementing MFA. Deploying MFA across the enterprise SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe To best secure resources and encourage user adoption of standardized authentication processes, organizations should implement MFA across the enterprise. In contrast, deploying MFA only for certain apps, users, or resources leaves your organization exposed. Implementing MFA across every user (end users and privileged users), and every IT resource (cloud and on-premises apps, VPNs, endpoints, and servers) effectively blocks cyberattacks at multiple points in the attack chain. Leverage context for adaptive MFA Organizations should use an adaptive, step-up MFA approach based on context, versus an “always on” approach. This allows authentication requests to leverage contextual information such as location, network, device settings, and time of day when confirming identity. Adaptive MFA also improves the user experience—rather than constantly asking for MFA credentials, the user is only asked to provide an additional authentication factor when necessary. Opt for a standards-based approach Compliance with standards such as Remote AuthenticationDial-in User Service (RADIUS) and Open Authentication (OATH) help ensure that your MFA solution can integrate and operate with your existing IT infrastructure. Provide a choice of authentication factors Because user experience is critical for a successful MFA implementation, organizations need to balance user convenience with adequate levels of security. A “one-size-fits all” approach for authentication factors doesn’t allow organizations to implement a solution that suits the needs of different user populations. Today, there are a wide range of authentication methods available, including: Hardware tokens Soft tokens SMS text messages Automated phone calls Automated emails Security questions Biometrics Conduct periodic assessments Last but not least, because security vulnerabilities and the threat landscape are constantly changing, organizations should conduct periodic MFA assessments. This helps ensure the chosen MFA technology meets the evolving needs of users and the organization. For more information on successfully implementing MFA, click here. Related content brandpost Making Multi-factor Authentication Easy to Use A user-friendly approach to MFA can boost security and increase adoption By Crystal Bedell Jan 05, 2017 5 mins Security brandpost How to Reduce the Risk of Windows Server Insider Threats Three common insider threats and how to thwart them By Crystal Bedell Jan 03, 2017 3 mins Security brandpost Outsourcing IT Services: Reduce the Risk of Privileged Credentials Adopting a single identity platform can help reduce security vulnerabilities By Crystal Bedell Dec 21, 2016 3 mins Security brandpost 5 Steps to Securing Privileged Access for Outsourced IT Misuse of privilege access is a major security threat u2013 but the solution is close at hand. By Chris Carroll Dec 13, 2016 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe