Enterprises are under attack, and credentials are a primary target. According to the 2015 Verizon DBIR, 95% of all web app attacks involve credentials that were harvested from customer devices. Most enterprises use authentication to determine if someone (or something) is who or what it claims to be. However, single-step authentication with a username and password can no longer serve as secure authentication (if it ever did).
Many leading enterprises are enhancing their security and control with multi-factor authentication (MFA), allowing them to move away from a high-risk, password-based security approach. This also improves user experience across the enterprise. Taken even further, step-up MFA provides a dynamic authentication model where users--customers, partners and employees--are required to perform two or more levels of authentication, depending on policy. Based on a preconfigured authentication hierarchy, step-up MFA enforces a specific level of authentication according to the policy set on a resource. In basic terms, if you have permission to access something, you need to verify your identity a couple of different ways to prove you're not just someone with stolen credentials.
Here are some typical examples of step-up MFA:
A customer signs on to a banking site with a password and wants to transfer money. The bank sends an SMS to the customer's previously registered phone number to establish the required additional assurance.
A customer signs on to an e-commerce site from her iPad at home and doesn't have to authenticate until she has to change her account settings.
An employee is attempting to access a native SaaS application from the office. Because he's on the corporate network, he's not asked to perform any additional authentication.
What's best for your environment? Navigating the various factors of implementing MFA can be a cumbersome task. Listen to Paul Madsen from the CTO office at Ping Identity as he discusses best practices for MFA that will help you maneuver more easily through your options. You'll also learn about:
Choosing the right MFA mechanisms for your environment
Applying a risk-based model to step-up MFA
Best practices in step-up MFA, including risk analysis, choice of authentication factors, privacy, lock-out, registration, user opt-in, suspension and bypass, self-service, native applications, initial authentication and multiple touch points/channels.