
Ultimate Guide to Multi-factor Authentication

1 - Make Sure Your Users Are Who They Say They Are

2 - Deconstructing MFA: Evolution, Authentication Factors, & More

3 - Benefits of Adaptive MFA

4 - Use Cases for Adaptive MFA

5 - How Adaptive MFA Works

6 - Conclusion: Improve Security & Experience with Adaptive MFA

1 - Make Sure Your Users Are Who They Say They Are

Applications and data are becoming increasingly accessible. As we exchange and share information more often and in new ways, we’re improving how we do business. But as security professionals, we’re also facing new challenges when it comes to providing secure and convenient access to those who need it—while simultaneously protecting sensitive data and resources from those who don’t.


It’s also becoming harder to make sure your users are who they say they are. And cybercriminals and others intent on capitalizing on any vulnerability know all too well that our latest challenges represent their next opportunities.


It doesn’t help that the bad actors’ tried and true techniques—like phishing and other attacks that leverage weak, default or stolen passwords—are still so darn effective. The reality is that the poor password practices that have plagued enterprises for years have also remained remarkably consistent.


Your users know better, but their password practices are still shaky at best. Your employees are likely using their work emails to register at all sorts of websites. Sometimes, they also reuse corporate passwords, share passwords with others, or even write them down. You can also assume that your customers, vendors and partners are no different.

Said plainly, if you’re relying on passwords to make sure your users are who they say they are, you’re putting your enterprise at undue risk.


Of course, cybercriminals know this all too well. If they’re successful at breaching one domain, they’ll opportunistically retry those credentials across multiple sites to see where else they might work. They also know if your users are required to create more and more passwords to access applications, old passwords may very well come back into play. So even if their attempts aren’t successful today, they could be tomorrow.


As if cyber threats aren’t enough to contend with, your customers also have higher expectations than ever about their interactions with your organization. Despite an ever-increasing threat landscape, you can’t make your security measures too prohibitive or you’ll face low adoption and high drop-off rates. You could even lose your most loyal customers to a competitor who’s easier to work with. 


Given the factors at play, striking a balance between security and experience might seem like a pipe dream. It’s not. You can strengthen security and improve experience with multi-factor authentication (MFA). You know that MFA is a tried and true security method. And modern advancements in MFA remove the friction associated with legacy MFA solutions, while offering more flexibility and control than ever.


To gain a deeper understanding of how MFA works and how you can use it to increase security, let’s explore 5 common vulnerabilities and how MFA protects against them. 


How MFA Protects Against 5 Common Vulnerabilities

Defending against cyber threats can seem like an overwhelming endeavor given the number of ways that credentials could be compromised. But many successful credential thefts fall into one of five typical scenarios. And MFA is equipped to deal with all of them.

The Eager Employee

Employees can easily fall prey to phishing and more targeted spear-phishing attacks. Often these take the form of emails promising bonuses or rewards. All it takes is one eager employee inputting their login information to claim their so-called award for your enterprise to become the next statistic.


In this situation, the best offense is a strong defense. If you operate under the assumption that credentials will be stolen, you can rely on MFA to thwart the hacker’s success. By requiring an additional factor to authenticate, like a mobile phone or fingerprint, MFA can stop bad actors in their tracks. And with adaptive MFA, you can step up authentication only when warranted by risk, so you don’t unnecessarily impede employee productivity.

The Astute Administrator

Your typical employees aren’t the only ones in a savvy hacker’s crosshairs. Those with access to your server infrastructure are also prime targets. Secure Shell (SSH) attacks attempt to penetrate the network protocol used by sysadmins and website administrators to remotely make server-level changes. These spray-and-pray attacks attempt to use a single username and password combination across thousands of servers in hopes of getting lucky.

Adaptive MFA allows you to enforce policies for SSH logins through a pluggable authentication module or via ForceCommand. Both are proven defenses against rogue logins to Linux and Unix systems.
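As an added example (not part of the original guide or any vendor's tooling), the following script audits an `sshd_config` and reports whether a second factor is enforced through either of the two hooks named above, PAM or ForceCommand. It is a conservative heuristic: the sample configs are constructed, `/usr/local/bin/mfa-gate` is a hypothetical script path, and the PAM stack itself is not inspected.

```python
# Added example (not from the guide): report which of the two SSH MFA hooks,
# PAM or ForceCommand, an sshd_config enforces. Simplified: it does not read
# /etc/pam.d/sshd or inspect the ForceCommand program itself.

def parse_scopes(text):
    """Return {scope: {keyword: value}}; scope is 'global' or a Match line."""
    scopes, scope = {"global": {}}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = (line.split(None, 1) + [""])[:2]
        key, value = key.lower(), value.strip()
        if key == "match":
            scope = "match " + value.lower()
            scopes.setdefault(scope, {})
        else:
            scopes[scope].setdefault(key, value)  # sshd keeps the first value
    return scopes

def mfa_mechanisms(text):
    """Return {scope: [hooks enforced]}; hooks are 'pam' and 'forcecommand'."""
    scopes, report = parse_scopes(text), {}
    for scope, own in scopes.items():
        eff = {**scopes["global"], **own}  # Match settings override global
        alts = eff.get("authenticationmethods", "any").lower().split() or ["any"]
        # Every alternative list must include keyboard-interactive, otherwise
        # a login can complete without ever reaching the PAM prompt.
        pam_required = all(
            any(m.split(":")[0] == "keyboard-interactive" for m in alt.split(","))
            for alt in alts)
        hooks = []
        if eff.get("usepam", "no").lower() == "yes" and pam_required:
            hooks.append("pam")
        if eff.get("forcecommand", "none").lower() != "none":
            hooks.append("forcecommand")
        report[scope] = hooks
    return report

# Constructed sample configs; /usr/local/bin/mfa-gate is a hypothetical script.
WEAK = "UsePAM yes\nPasswordAuthentication yes\n"
HARDENED = """\
UsePAM yes
AuthenticationMethods publickey,keyboard-interactive:pam
Match Group contractors
    ForceCommand /usr/local/bin/mfa-gate
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, mfa_mechanisms(cfg))
```

An empty list for a scope means neither hook is mandatory there, so a password or key alone can complete the login.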


The Perilous Partner

Partners present a threat landscape similar to that of your employees—only multiplied. While partnerships are an integral component of enterprise digital transformation efforts, providing third-party organizations with access to internal data expands your attack surface significantly.

But you can minimize the risks with MFA. By requiring that your partners provide an additional factor to prove they are who they claim to be, you can save perilous partners from themselves—and protect your enterprise against costly data breaches.


The Looted Laptop

Despite your best efforts to educate and warn them of the risks, your employees may still be storing sensitive and unencrypted data on personal and corporate mobile devices for their own convenience. When devices housing sensitive data are stolen and the theft results in a breach, the impact can be significant.

You should keep providing guidance and education on secure data storage practices, but training alone isn’t enough. You can use modern MFA solutions that integrate with desktop and laptop login systems to create a strong defense against this risk.

The Careless Consumer

We all know that we’re supposed to create unique logins, but doing so requires some creativity and an easy way to keep track of all of those hard-to-remember credentials. So instead, most consumers continue to use the same usernames and passwords across multiple sites—and patient hackers continue to exploit this reality using credential cracking/stuffing attacks.


While consumer adoption of MFA is notoriously difficult to achieve, you can smooth the way by embedding MFA directly into your customer-facing mobile apps. Doing so will strengthen security while also streamlining your customers’ digital interactions. MFA enables the use of convenient out-of-band push authentication mechanisms like swipe, tap and biometrics. You can retire previously time-consuming and annoying processes like phone calls and password resets in favor of mobile push authentication to save customers’ time and effort while also improving security.


Even if you weren’t convinced before, you probably recognize the potential for one or more of these scenarios to impact your organization. Given the risks, there’s little reason not to explore how MFA can help you build a stronger defense. So let’s forge ahead, shall we?
