Enabling multifactor authentication for all users is essential

Yubico study shows inadequate readiness for strong authentication

The effects that arise when multifactor authentication (MFA) is not activated for all users are well known to companies by now.

Oliver Ott, Regional Sales Director DACH IAM at Thales

Verizon’s 2021 Data Breach Investigations Report shows that over 80% of security breaches are due to phishing, brute force attacks, or the use of lost or stolen credentials. All these types of attacks can be avoided by MFA. In its “2021 Cost of a Data Breach” report, the Ponemon Institute puts the average cost of a data breach at $4.24 million. In view of these alarming figures, it is surprising and disturbing that many companies have not yet activated MFA for all users.

The Challenge of Multifactor Authentication

Two phenomena could explain this paradox:

1. The acceptance of end users

Many end users find MFA cumbersome, especially if they need to access different applications during their working day. A poor user experience during the first activation and too frequent authentication processes reduce the acceptance enormously.

2. The variety of authentication processes of a user

In today’s hybrid work environments, users have to authenticate themselves from different contexts, which makes it difficult for the IT department to find the authentication method that suits each type of user.

  • Due to the increasing mobility and home office use, more and more users are accessing company resources from a wide variety of device types. To make matters worse, the devices are not always owned by the company: mobile phones, tablets, Windows or Mac computers or Chromebooks…
  • Many employees work in areas where mobile phones are not allowed, e.g. in production halls, data centers, hospitals or laboratories with medical analysis devices.
  • Workplaces are often shared by several employees (in call centers, workshops, retail stores …).

Best Practices for Multifactor Authentication Everywhere

To overcome these challenges, IT managers and CIOs should consider the following recommendations:

An authentication service should be used that offers a wide range of authentication methods to meet the diversity of users. Many cloud authentication services available on the market only offer a mobile app as a native authentication method. This mobile app is well suited for end users who are equipped with a company smartphone, but the following groups are not addressed with it:

  • Employees with old phones or those who are not willing to use their own mobile phone.
  • Employees working on shared desktops.
  • Privileged users who need a highly secure authentication method.
  • Users who need to access IT resources from an older Windows laptop, Chromebook, or Mac.

Ensure support for multiple operating systems

Most of the mobile applications available on the market support Android and iOS devices. Few of them also support laptops, but the latter would benefit end users who cannot use a smartphone. The more end devices and operating systems are supported by the authentication apps, the more effectively companies can meet the mobility requirements of their users.

User experience during authentication and activation

The user-friendliness of the authentication method is a decisive success criterion for every MFA project. A good user experience during the first activation is just as important as a smooth authentication.

The security of the solution is crucial

Not all authentication applications are the same, and a pleasant authentication experience does not have to come at the expense of security. Project managers should look for certified products and be aware that protecting authentication secrets during deployment is fundamental to maintaining authentication integrity. User mobility is becoming increasingly important, especially in these ever-changing times. In addition to a variety of authentication methods, Thales also offers users a way to identify themselves via a mobile device with its Authenticator app. The solution is supported on Android, iOS and Windows devices. When a user accesses a protected resource, a push notification is automatically sent to the user’s mobile device; the user approves it with a tap, and a one-time password is sent to the protected resource. The user therefore does not have to remember passwords or protect them from falling into the wrong hands. Solutions such as these increase security in the company and will also increase acceptance by employees thanks to the good user experience.
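The push-and-tap flow described above, worked through as an added example of the checks the verifying side should perform. This is constructed illustrative code, not the Thales Authenticator protocol or any Thales code: the class names (`AuthServer`, `Authenticator`), the HOTP-style derivation of the one-time password from an enrolled shared secret, and the 60-second lifetime are assumptions. It goes slightly beyond the paragraph by showing why a per-login challenge should be bound to the session, single-use and time-limited: an approval replayed later, or one that arrives after the challenge expired, is rejected.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Constructed example: a minimal push-notification MFA exchange.
# The server issues a per-login challenge ("pushes" it to the device),
# the device answers only when the user taps approve, and the server
# verifies the resulting one-time password against the enrolled secret.


@dataclass
class Challenge:
    challenge_id: str   # random identifier for this login attempt
    nonce: bytes        # fresh randomness so every challenge yields a new OTP
    user: str
    resource: str       # the protected resource being accessed
    expires_at: float
    used: bool = False  # set once an OTP has been accepted for it


def derive_otp(secret: bytes, ch: Challenge, digits: int = 6) -> str:
    """HOTP-style code (RFC 4226 dynamic truncation) over the challenge.

    Binding the MAC input to challenge id, nonce and resource means a code
    approved for one login cannot be reused for another.
    """
    msg = ch.challenge_id.encode() + ch.nonce + ch.resource.encode()
    mac = hmac.new(secret, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class AuthServer:
    """Server side: enrolls devices, issues challenges, verifies OTPs."""

    def __init__(self, ttl_seconds: float = 60.0):
        self.ttl = ttl_seconds
        self.device_secrets: dict[str, bytes] = {}  # user -> secret set at activation
        self.pending: dict[str, Challenge] = {}

    def enroll(self, user: str) -> bytes:
        # The secret is shared with the device during activation; protecting
        # it in transit and at rest is what keeps the whole scheme honest.
        secret = secrets.token_bytes(32)
        self.device_secrets[user] = secret
        return secret

    def start_login(self, user: str, resource: str, now: float = None) -> Challenge:
        now = time.time() if now is None else now
        ch = Challenge(secrets.token_hex(8), secrets.token_bytes(16),
                       user, resource, now + self.ttl)
        self.pending[ch.challenge_id] = ch
        return ch  # in a real deployment this is the push notification payload

    def verify(self, challenge_id: str, otp: str, now: float = None) -> tuple:
        now = time.time() if now is None else now
        ch = self.pending.get(challenge_id)
        if ch is None:
            return (False, "unknown challenge")   # no login asked for this
        if ch.used:
            return (False, "replay")              # already consumed once
        if now > ch.expires_at:
            return (False, "expired")             # approval arrived too late
        expected = derive_otp(self.device_secrets[ch.user], ch)
        if not hmac.compare_digest(expected, otp):  # constant-time compare
            return (False, "bad otp")
        ch.used = True
        return (True, "ok")


class Authenticator:
    """Device side: holds the enrolled secret; answers only on user tap."""

    def __init__(self, secret: bytes):
        self.secret = secret

    def approve(self, ch: Challenge) -> str:
        # Called when the user taps "approve" on the push notification.
        return derive_otp(self.secret, ch)


def run_flow(now: float = 1_000_000.0) -> tuple:
    """Happy path, then a replayed approval, then an approval after expiry."""
    srv = AuthServer()
    device = Authenticator(srv.enroll("alice"))  # activation / enrollment

    ch = srv.start_login("alice", "vpn", now)    # push sent to the device
    otp = device.approve(ch)                     # user taps approve
    first = srv.verify(ch.challenge_id, otp, now + 5)
    replay = srv.verify(ch.challenge_id, otp, now + 6)

    ch2 = srv.start_login("alice", "vpn", now)
    late = srv.verify(ch2.challenge_id, device.approve(ch2), now + 120)
    return first, replay, late


if __name__ == "__main__":
    print(run_flow())  # ((True, 'ok'), (False, 'replay'), (False, 'expired'))
```

The nonce and challenge id are what make "a tap" meaningful: the device can only produce a valid code for a login the server actually started, and the server accepts that code exactly once, within its lifetime.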
