MFA gives you assurance that users are who they say they are. It requires them to prove their identity by providing at least two pieces of evidence, each one from a different category. These categories include: something they know, something they have and something they are.
Weak and default passwords or passwords stolen through phishing and other attack methods are still being used to execute successful fraud attacks and data breaches. Confirming the identities of your employees, partners and customers through MFA thwarts attackers.
You have the option of using stronger authentication methods like mobile push authentication, QR codes and FIDO-compliant authenticators instead of credentials to enable passwordless login.
Adaptive MFA can leverage frictionless, contextual and behavioral data such as geolocation, IP address and time since last authentication in order to assess risk. Based on risk, you can add step-up authentication factors to gain a higher level of assurance about a user’s identity when warranted.
Adaptive and risk-based authentication policies to balance security and productivity
Variety of authentication methods such as facial recognition and fingerprint
MFA embedded into your mobile app
Dashboards for admin insights into MFA usage and SMS costs
How Risk-Based, Adaptive MFA Works
Check First Factor
The user starts by requesting a resource and has to input their first factor of authentication which is most often a password (but doesn’t have to be). Ping’s authentication and SSO capabilities enable you to accept stronger, more convenient methods—such as biometrics—as the first factor.
Consider Risk and Context
When you add MFA everywhere without making it adaptive based on the context and risk of the situation, you’re adding unnecessary friction. Instead, Ping’s MFA policies look at the context and decide whether or not a second factor is needed at all.
Approve or Step Up Authentication
Based on the context and risk of the access request and resource, Ping’s MFA service either approves the low-risk access request right away or it sends a second factor request to the user. It will do this before sending the higher-risk access approval back to the authentication authority.
How Do I Get Started with Passwordless MFA?
Passwordless MFA is the term used when an authentication flow doesn’t include a password as one of the security factors, while also leveraging more than one advanced authentication mechanism to determine if a user is who they say they are. By utilizing risk policies, biometrics, device trust and more, you can make logins more secure and frictionless for everyone.
The first step to integrating passwordless MFA into your business is through centralized authentication, which provides the foundation for passwordless to scale across your organization. The second step is risk-based MFA which adds intelligence, enabled by biometrics and dynamic risk scoring. Finally, utilize FIDO which helps prevent phishing attacks with trusted devices. The ultimate destination? Frictionless login for continuous authentication in a mature Zero Trust environment.
A step-by-step passwordless journey:
Modern MFA vs. Legacy MFA
Modern MFA improves user experience and security by enabling context-based adaptive authentication and broad self-service capabilities. Admins can use APIs, SDKs and integration kits to make implementation with existing infrastructure a breeze. All of this in a cloud-based solution means minimal effort and oversight to run effectively.
Today’s enterprises prioritize cloud-first initiatives and deployments, but the reality is that large enterprises still have many existing on-premises applications. To effectively secure all of the applications in your hybrid IT environment and cloud transition, your enterprise needs an adaptive MFA solution that supports all your use cases for both on-premises and multi-cloud environments.
Ping Products That Deliver MFA
PingOne for Workforce
MFA is part of a complete cloud solution for seamless, secure employee experiences
Improving security doesn’t have to be a headache. You can implement strong authentication in a matter of minutes. To make deployments easy, you’ll need out-of-the-box integrations to VPNs, applications like Office 365 as well as easy-to-use APIs. Plus, self-service features for your end users and simple administration can make your MFA rollout effortless.
The PingOne Cloud Platform Provides SSO and MFA for Pameijer’s Employees and Clients.
With General Data Protection Regulation (GDPR) coming into effect, Pameijer required a standards-based SSO and MFA approach that would satisfy both privacy and security regulations. One-touch swipe authentication from a mobile device makes signing in easy and safe for clients who struggle with technology. This user experience was fully customizable to Pameijer’s needs.