a good thing!
Your enterprise is under daily attack—and to the IT leader, it can sometimes feel like the rest of your enterprise is completely oblivious to those threats. While they’re trying to access the resources that they need to do their jobs, you’re trying to do your job by protecting the business from vulnerabilities caused by credential reuse (72% of employees reuse passwords across 4 or more accounts), shared passwords (69% of workers admit to sharing passwords with colleagues), phishing (44% have experienced a known attack at work) and other insecure practices, according to The 2019 State of Password and Authentication Security Behaviors Report from the Ponemon Institute.
But it doesn’t have to be an either/or situation, and security doesn’t need to get in the way of business. Modern multi-factor authentication (MFA) defends against those risks without placing a burden on your resources or your end users. It scales with you as you grow so you’re not dependent on disjointed, piecemeal solutions that quickly become difficult to manage. Modern MFA leads to happier, more productive users and a more effective IT team by ensuring just the right balance of strong security and seamless user experiences.
To illustrate how this works, let’s take a look at fictional IT director Avery. Avery has a great security vision, with well-articulated goals and a list of strategic use cases just waiting to be conquered. The long-term technical requirements are defined, and user experience is top of mind. Avery has it all planned out.
But then things go pear-shaped—maybe a close encounter with a potential data breach because of a spear phishing attempt on the enterprise—and guess what? The long-term phased approach goes out the window. Avery has to react and get something out this quarter, all while faced with resource and funding constraints.
Avery needs a solution that can cost-effectively improve security, fast. It may seem like a near-impossible task, but modern MFA is well-built for such scenarios. The value of MFA is that it provides added assurance that users are who they say they are, wherever, whenever and however they need access to company resources. This makes it easier for Avery’s team to ensure a safe, user-friendly environment throughout the organization.
To see modern MFA in action, let’s explore four disparate use cases. They take place in different locations and on different devices, but they all have one thing in common: a great user experience achieved without sacrificing security.
Emily is in dire need of a double espresso before the morning company pep rally, so she stops by her local coffee shop before heading into the office. Needing to catch up on work emails, she fires up her laptop and tries to sign in to her email account. After she enters her username and password, she gets a push notification to her mobile phone, which she approves with a swipe, and boom—Emily is authenticated.
This is a case of contextual step-up authentication, and it’s probably one you’re familiar with. Contextual step-up MFA works in the background, relying on various data points to determine whether or not the user needs to provide additional levels of assurance. It can use multiple factors (in this case, something Emily knows in the form of her password, and something Emily has in the form of her smartphone) to establish her identity, while still delivering a smooth user experience.
A caffeinated Emily arrives at the office and sits down at her desk. She logs on to the company’s SaaS productivity suite by entering her credentials, but this time she isn’t prompted to authenticate via her smartphone, even though it is sitting nearby. Instead, she appears to be automatically approved, and she is able to quickly access her documents.
To Emily this is a seamless login process, but behind the scenes, contextual MFA is hard at work. Even though no active push notification was sent to Emily’s phone, the device was still an integral part of the authentication process in this routine situation. The MFA technology sent a silent push to her device, which sent back her physical location. Based on that information and the network she was authenticating to, the system used geofencing to identify her as a user in the company office and didn’t prompt Emily for additional factors.
Over in the IT office, Avery is about to access the firewall’s admin portal. Strong security is paramount in this high-risk situation, so Avery uses a biometric authentication process in Windows Hello, which recognizes the IT director’s facial characteristics. Within seconds, Avery is able to log on and begin performing critical work tasks.
This instance of adaptive authentication is similar to that of our first use case, but because the resource is extremely sensitive and the risks are greater, authentication is stepped up beyond what would be sufficient in our coffee shop scenario. By requiring a biometric check such as a fingerprint or facial scan, the MFA system delivers a strong level of security while still ensuring a satisfactory user experience.
Emily’s coworker Dwayne needs to take care of an errand, so he grabs his laptop and heads out to the auto shop. He had planned to work during an oil change, but when he arrives at the facility, he realizes his phone is still back in the office. Instead of being unproductive or calling IT because he can’t log in, Dwayne can still access his resources securely. Rather than receiving a push notification to his phone after he enters his username and password, he clicks a “forgot my device” button and is sent a one-time passcode (OTP) via email, which he quickly uses to confirm his identity.
This was an opportunity for Dwayne to be either delighted or frustrated, and the backup authentication system ensured it would be the former. Furthermore, Dwayne didn’t need to actually configure and register the email as a secondary authentication method, because the IT admin set it up directly from the company directory. As a bonus, Dwayne didn’t create a helpdesk ticket and drain IT’s resources because he forgot his phone.
As you can see from the above use cases, modern MFA empowers users to have great experiences while it protects company resources. To meet an enterprise’s security needs, administrators define adaptive authentication, device and pairing policies, such as limiting MFA to specific groups or apps, employing geofencing to skip requirements under specific scenarios, restricting users from using rooted or jailbroken devices, and defining sessions that allow users to avoid MFA prompts if previously authenticated within a predefined amount of time. Along with the mechanisms mentioned earlier, organizations have a wide range of authentication methods available, including hard tokens, voice recognition and OTPs sent via voice call or SMS.
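The policy types listed above only behave predictably when they are evaluated in a fixed order. The following added example (not from the original article and not any vendor's product logic) expresses them as one decision function and runs the four use cases through it; the app names, the eight-hour session window, the field names and the returned labels are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Every name and value here is an assumption made for illustration.
MFA_APPS = {"email", "productivity-suite", "firewall-admin"}  # apps in MFA scope
HIGH_RISK_APPS = {"firewall-admin"}   # always stepped up to biometrics
SESSION_WINDOW_S = 8 * 3600           # recent MFA within this window is reused

@dataclass
class Context:
    app: str
    in_office_geofence: bool          # location from silent push + office network
    phone_present: bool = True        # paired phone reachable
    phone_rooted: bool = False        # rooted or jailbroken per device posture
    seconds_since_mfa: Optional[int] = None

def decide(ctx: Context) -> str:
    """Second-factor requirement after the password has been verified."""
    if ctx.app not in MFA_APPS:
        return "none"
    # Sensitivity is checked first so neither a session nor a geofence
    # can waive the step-up for the most sensitive resources.
    if ctx.app in HIGH_RISK_APPS:
        return "biometric"
    if ctx.seconds_since_mfa is not None and ctx.seconds_since_mfa < SESSION_WINDOW_S:
        return "none"
    if not ctx.phone_present:
        return "email_otp"            # backup method provisioned from the directory
    # Posture precedes the geofence: a rooted phone's location report
    # is not trusted, so it cannot earn the in-office skip.
    if ctx.phone_rooted:
        return "deny"
    if ctx.in_office_geofence:
        return "silent_push"          # device answers in the background, no prompt
    return "push"

def scenarios() -> dict:
    """The article's four use cases plus two policy edge cases."""
    return {
        "coffee_shop": decide(Context("email", False)),
        "office": decide(Context("productivity-suite", True)),
        "firewall": decide(Context("firewall-admin", True, seconds_since_mfa=60)),
        "forgot_phone": decide(Context("email", False, phone_present=False)),
        "rooted_in_office": decide(Context("email", True, phone_rooted=True)),
        "recent_session": decide(Context("email", False, seconds_since_mfa=600)),
    }

if __name__ == "__main__":
    for name, factor in scenarios().items():
        print(f"{name:18} -> {factor}")
```

The firewall case carries a 60-second-old session and an in-office location, yet still resolves to a biometric check, which is the effect of placing the sensitivity rule ahead of the two skip rules.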
Modern MFA solves a host of security and identity challenges. As you face an increasing volume and frequency of threats, it’s a powerful tool that decreases the risk of breaches and account takeovers while ensuring convenient experiences—and happier users.