Cyber-criminals don’t have to innovate much to succeed. They just have to widen their net. For years, the number one attack vector for security breaches has remained weak, default or stolen passwords. That’s why it’s never been more important to confirm the identity of your employees, partners and customers, and it’s also never been easier. With PingID, you can increase security with cloud-delivered, multi-factor authentication (MFA), without sacrificing the user experience.
Stringent password policies and security awareness trainings have done little to prevent users from reusing their credentials from less secure, third-party websites for corporate networks and resources. With 81% of confirmed data breaches involving weak, default or stolen passwords, the time to offer users a more secure and easier sign-on experience is now. Passwordless authentication allows you to offer end users an easier way. Mobile push authentication, one-time passcodes, Yubikeys and more can be used in place of a password to improve both security and user experience simultaneously.
MODERN MFA FOR DIGITAL BUSINESS
With PingID, users can add and select from multiple authentication methods and devices on the fly. Mobile push authentication methods such as swipe, tap, fingerprint and facial recognition can be used from personal or corporate-owned mobile devices, along with SMS one-time passcodes (OTP). But when users leave their mobile devices at home they can still securely sign on using a range of alternative second factors such as voice and email OTPs, a PIN-protected desktop application, Yubikeys, Apple Watches, Nymi Bands and more.
PingID provides support for all of your enterprise use cases. It’s simple to deploy common initiatives like MFA for Office 365 and VPN access, and it’s easy to integrate with on-premises or cloud-hosted web apps and SaaS apps through single sign-on flows, web access management systems or via the PingID authentication API. You can also implement MFA for Windows Login, and you can even embed MFA functionality directly into your own customer-facing mobile app with the PingID SDK. And an offline MFA mode allows users to authenticate locally without an Internet connection. Watch the video.
Improve productivity and lower helpdesk costs with a comprehensive set of user self-service capabilities. PingID allows your users to add new mobile devices and select from multiple secondary authentication methods if their primary method or device is unavailable. Self-service can also be provided for registration and enrollment, updating and unpairing the PingID mobile application, pairing to new organizations and sending event logs when troubleshooting is required.
The user experience often begins with authentication, so PingID offers multiple opportunities to brand and customize this important step in the user journey. The native mobile application, desktop application, user notifications and registration and enrollment screens are all customizable to your organization's brand.
EMBED MFA IN YOUR MOBILE APP
Busy customers don’t want to download an additional third-party MFA application, and using SMS or email as your only second factor can present security vulnerabilities. With the PingID mobile SDK, you can balance security and convenience for customers by embedding advanced MFA functionality directly into your own iOS or Android mobile apps. Mobile devices with your app installed can leverage unique device identifiers to become a secure, trusted device for that customer. Now, with custom push notifications from your own app, customers can approve high-value transactions, web authentications and much more.
The PingID mobile SDK helps you:
Include transactions details in MFA messages
Allow customers to manage their own trusted devices.
Use SMS and email OTPs as backup second factors.
As a cloud service, PingID is easy to install and set up. It provides your users strong authentication for all of the applications they need to get work done—no matter where they are. By cutting out on-premises infrastructure and unnecessary hardware tokens, PingID reduces the hardware burden on administrators and users alike. And it integrates with dozens of third-party strong authentication providers, enabling a seamless migration path.
If you’re evaluating MFA providers, read our checklist for five key things you should consider.
To decide on the right MFA solution, it’s important to ensure support for all of your use cases, authentication methods and security requirements. Following this decision, deployment planning should take place to avoid business disruptions, support your help desk, follow security best practices and communicate the rollout effectively. Best practices based on large enterprise requirements and company wide rollouts can make your MFA-everywhere initiatives even more successful.
THE RIGHT PRESCRIPTION FOR MULTI-FACTOR AUTHENTICATION
GlaxoSmithKline employees utilize a variety of on-premises and custom applications, and GSK wanted to make accessing these applications as secure and straightforward an experience as possible. They were in search of a multi-factor authentication (MFA) and single sign-on (SSO) solution that was easy to manage, easy to maintain and built on open standards.
GSK selected PingFederate and PingID as their primary MFA provider. Since then, help desk calls related to PingID have been extremely low at significantly less than 1 percent of enrollments. IAM Solutions Architect Brian Lewis says, “Ping has been easy to maintain, and support has been excellent.”
WANT MORE? CHECK OUT OUR ULTIMATE GUIDE TO MFA. FOR GARTNER SUBSCRIBERS, READ THEIR GUIDANCE ON CLOUD-BASED MFA SERVICES.