guide

Ultimate Guide to

Multi-factor Authentication

1 - Make Sure Your Users Are Who They Say They Are

2 - Deconstructing MFA: Evolution, Authentication Factors, & More

3 - Benefits of Adaptive MFA

4 - Use Cases for Adaptive MFA

5 - How Adaptive MFA Works

6 - Conclusion: Improve Security & Experience with Adaptive MFA

3 - Benefits of Adaptive MFA

Striking a balance between security and experience isn’t easy. But it’s exactly what adaptive MFA was made for.

Reduced Risk of Breach

Using MFA makes it more difficult for hackers to steal credentials or use brute force to breach your systems. Given the magnitude of costs associated with a typical breach—including the lost revenue and damage to your company’s reputation—proactively reducing your risk of breach can have a substantial impact on your top and bottom lines.

 

Adaptive MFA extends beyond the basic multi-factor authentication protocol to apply authentication requirements based on the risk involved in the requested access. If the risk is low—such as accessing non-sensitive resources from a recognized device—you can require minimal authentication requirements. On the other hand, if the risk is high—like a money transfer request made from a foreign location—you can set policies to require additional authentication. 

 

Improved User Experience

Because adaptive MFA allows you to dynamically step authentication requirements up or down, it delivers a better, more streamlined experience for legitimate users. If a user is performing a routine transaction or making a routine request, they’ll have the seamless experience they expect. And if they’re attempting something more sensitive or risky, they’ll be prompted for additional authentication that provides security reassurance. 

 

Adaptive risk-based MFA is the key to delivering a frictionless and consistent user experience. You’re able to strengthen security only as warranted, stepping up authentication requirements for high-risk access and reducing them for low-risk access. Users exhibiting safe and predictable patterns of use—arguably the vast majority of your access requests—are able to quickly and easily access resources.

 

 

MFA + SSO: How to Increase Productivity & Reduce Administrative Costs

MFA improves security by requiring users to provide additional information to prove they are who they claim to be. At the same time, adaptive MFA improves experience by adapting authentication requirements to the situation instead of requiring a one-size-fits-all approach. 

 

While MFA minimizes reliance on password authentication alone, it doesn’t address the root problem of password sprawl. Your users are expected to create, remember and manage a growing number of passwords, numbering in the dozens if not hundreds for the average user. Their password fatigue is a large part of why their passwords are weak in the first place. 

 

The issues with passwords don’t end there either. It’s estimated that the average employee spends 12.6 minutes each week or 10.9 hours per year entering and/or resetting passwords.1 This may seem insignificant on an individual level, but when you do the math across an organization of, say, 500 employees, the loss of productivity is a six-figure problem. If your organization is bigger than around 3,000, you can add another zero.

 

You can overcome this costly problem while also improving security and experience with single sign-on (SSO). SSO allows users to sign on once using a single set of credentials and gain one-click access to applications. Your users—whether employees, customers, or both—no longer have to manage or enter multiple passwords, streamlining their experience and saving time.

 

Fewer passwords is better for your IT team, too. By reducing the number of passwords in use, you significantly reduce the number of password reset requests you need to manage. This frees up your helpdesk to focus on more pressing priorities and high-value initiatives.

 

When you implement MFA and SSO, you drastically reduce the number of passwords in play and provide an additional layer of protection for the “one” password that remains. MFA combined with SSO helps you:

 

  • Increase employee productivity by reducing time spent logging into applications.

  • Improve security by mitigating password sprawl, eliminating poor password hygiene and curtailing reliance on password vaulting.

  • Reduce password reset requests and their associated costs.

  • Respond to BYOD and mobile access demands.

 

1 The 2019 State of Password and Authentication Security Behaviors Report, Ponemon Institute

 

chapter 4