white paper

Multi-factor Authentication:

Best Practices for Securing the

Modern Digital Enterprise

Combine risk-based step-up MFA with passive contextual authentication for optimal cost effectiveness, usability and security


While contextual authentication is seen as complementary to active and explicit authentication factors today, Ping Identity expects things to change in the future. We see contextual authentication becoming the norm and explicit authentication used less frequently.


This white paper proposes best practices for customer and enterprise deployments of step-up multi-factor authentication (MFA). It explores a risk-based approach that combines dynamic step-up authentication with passive contextual mechanisms, such as geolocation and time of day, for the optimal combination of cost-effectiveness, usability and security.


Download this white paper to learn about:


  • Authentication in depth, including its vocabulary, mechanisms and signals
  • Choosing the right MFA mechanisms for your environment
  • Applying a risk-based model to step-up MFA
  • Best practices in step-up MFA, including risk analysis, choice of authentication factors, privacy, lock-out, registration, user opt-in, suspension and bypass, self-service, native applications, initial authentication and multiple touch points/channels

  • analyst report

    KuppingerCole Solutions for Customer IAM

    download now
  • guide

    Essential Guide to SSO

    download now
  • white paper

    Modern Identity Architecture for the Digital Enterprise

    download now