In 2016, usernames and passwords are as much a part of your identity as your driver’s license, social security number, and birth certificate.
You’re asked for them every day and you’ve probably got several combinations, maybe even dozens. For decades, the password has been the de facto standard for digital authentication, but as it turns out, passwords aren’t very secure at all.
The problems with passwords are well known—even the most complex passwords may be as useless as using “password” as your password, according to some recent reports. On top of that, passwords can be sold and exchanged easily, which makes them a massive liability for large organizations. Research has shown that employees could sell their passwords for as little as $150—pocket change compared to the average cost of a data breach. So when the traditional means of authentication are clearly flawed, what’s the next step?
In this white paper, you’ll learn about:
- Authentication in depth, including its vocabulary, mechanisms, and signals.
- Choosing the right MFA mechanisms for your environment.
- Applying a risk-based model to step-up MFA.
- Best practices in step-up MFA, including risk analysis, choice of authentication factors, privacy, lock-out, registration, user opt-in, suspension and bypass, self-service, native applications, initial authentication and multiple touch points/channels.
Generally, the best practice is to step up your security with step-up Multifactor Authentication (MFA).
Multifactor Authentication, or MFA, adds an additional step (or factor) to the authentication process, typically by pairing something the user knows, such as username and password, with an action, or something the user has, such as an SMS message to their phone, an email, or a token.
Most of us have some experience with this. For example: say you want to transfer money from your bank account online. Instead of simply requiring a password, your bank probably sends an SMS to your phone to establish the required additional assurance.
MFA is quickly becoming a commonplace, essential part of the information security toolkit. In fact, it’s often required in order to meet compliance requirements, depending on your business. But choosing the right solution and vendor for you is a complicated process—one that requires in-depth research and often comes down to more than just the solution and its technical capabilities.
So how do you choose the right step-up MFA mechanism for your environment?
For starters, consider these 5 variables, courtesy of Ping Identity’s new whitepaper Multi-factor Authentication Best Practices for Securing the Modern Digital Enterprise, when making your choice:
- Does it support flexible, risk-based step-up authentication? Applying only the necessary amount of security depending upon the associated risk allows you to provide an optimal user experience, while controlling costs, improving fraud detection and creating an architecture that can flex to future demands.
- Can it be extended with passive contextual authentication? Utilizing passive user information—like geolocation, IP address, time of day and device identifiers—is the wave of the future. It provides better security and a better user experience, making it particularly suited to consumers.
- How easy is it for your customers to use? Providing a positive customer experience is key. Consider the limitations that your users may have, from non-smart phones to disabilities, as well as their potential resistance to new or invasive technologies.
- How can you mitigate the risk of opt-outs? Having a choice of authentication methods—like voice, SMS and email—can mean the difference between adoption and abandonment. Anticipating objections is another important step in increasing adoption. Planning to maximize usability and flexibility will yield the best outcomes.
- How easy is it for your employees to use? Employees can no longer be expected to go along with a less-than-optimal user experience, or one that is overly obtrusive. For customers and employees alike, be sure to balance usability with cost and security to increase adoption.
Those five questions provide a solid foundation for the solutions assessment process, but to learn more about MFA, I strongly suggest checking out the Multi-factor Authentication Best Practices for Securing the Modern Digital Enterprise white paper from Ping Identity.
This straightforward white paper proposes best practices for customer and enterprise deployments of step-up multi-factor authentication (MFA), without getting too jargony and convoluted.