Multi-factor Authentication Best Practices for Securing the Modern Digital Enterprise
Combine Risk-based Step-up MFA with Passive Contextual Authentication to Get the Best Combination of Cost Effectiveness, Usability, and Security
Step-up multi-factor authentication (MFA) is a dynamic authentication model where the user—either a customer or an employee—is required to perform additional authentication operations, as needed, based on policy.
This white paper proposes best practices for customer and enterprise deployments of step-up MFA. It explores a risk-based approach that combines dynamic step-up authentication with passive contextual mechanisms, such as geolocation and time of day.
In this white paper, you’ll learn about:
- Authentication in depth, including its vocabulary, mechanisms, and signals.
- Choosing the right MFA mechanisms for your environment.
- Applying a risk-based model to step-up MFA.
- Best practices in step-up MFA, including risk analysis, choice of authentication factors, privacy, lock-out, registration, user opt-in, suspension and bypass, self-service, native applications, initial authentication and multiple touch points/channels.