Deploying Multifactor Authentication: First Steps in Identity Security

Deploying Multifactor Authentication: First Steps in Identity Security

Your enterprise needs to begin deploying multifactor authentication solution on your network. No compromises. Full stop.

These strong statements come with the backing of mountains of cybersecurity and identity management expert research. As much as enterprises still rely on password-based single-factor authentication, it just doesn’t work. Indeed, hackers specifically target these systems because they represent easy marks. Moreover, single-factor authentication leaves you vulnerable to insider threats or even non-human automated attacks.

But how should your enterprise go about deploying multifactor authentication? Which factors should you employ in your identity security policies? Does step-up authentication make sense for your environment? Can you balance identity management with effective business practices?

We answer these questions below.

Why Single Factor Authentication Doesn’t Work

Oftentimes, cybersecurity inertia causes as much damage as evolving digital threats. Enterprises become comfortable and familiar with their current identity and access management solution. Therefore, they continue to use it even as hackers discover and deploy new methods of subverting or exploiting.

Unsurprisingly, this applies to single-factor, password-based authentication. For years it served as the foundation of identity management. Only in the past few years have cybersecurity experts and enterprises realized its inherent weaknesses. The latter, though, continues to struggle with the change.

According to researchers, passwords offer very little in terms of actual identity security. Even inexperienced hackers can crack them or purchase software which automates cracking them. Worse, hackers can now use publicly available information, such as through social media, threat actors can often guess users’ passwords. Distressingly, given the horrible password practices most users embrace, hackers often guess right.

Compounding matters further, users tend to reuse their passwords on multiple accounts, including their work accounts. As a result, any data breach could give threat actors more weapons in their credential stuffing attacks.

Obviously, these facts argue strongly for deploying multifactor authentication yesterday. But how can you do it most effectively?

Why Deploying Multifactor Authentication Matters

The principle rule of thumb regarding authentication is the more steps between access request and access granted, the more secure your enterprise.

Two-factor authentication, therefore, proves much more effective than password-only authentication for exactly this reason. However, more talented threat actors can circumvent the second step in two-factor authentication. In most cases, they can interfere with SMS messaging and trick employees into giving their passwords away without realizing it.

That’s why deploying multifactor authentication—with three, four, five, or more steps, offers so much more identity security in the long term.

Of course, the most dedicated and experienced hackers could subvert your identity security with MFA. However, this would cost them time and effort they could invest in attacking weaker targets; hackers prefer to follow the path of least resistance. Deploying multifactor authentication thus works as cybersecurity protection and as a deterrent.

Here’s how you can get the best identity and access management today.

Get the Right Solution

Deploying multifactor authentication begins with selecting the right IAM or privileged access management (PAM) solution for your enterprise. Privileged access management especially helps protect users’ identities through strong authentication, including your superusers. In fact, many serve as the innovators of MFA factors.

However, not every solution is created equal. Put another way, your distinct business use cases poses unique identity management challenges which not every solution can accommodate. Additionally, the demands of your privileged users naturally differ from those of other enterprises; the number of privileged users, their involvement in your business processes, and what databases they access regularly should affect how you begin deploying multifactor authentication.

Thus, you must select a solution which fits your needs. Don’t skimp on the self-assessment.

Deploy the Right Factors

Multifactor authentication can involve any number of potential factors. These can include:

  • Geofencing.
  • Time of Access Request Monitoring.
  • Physical Biometrics.
  • Behavioral Biometrics.
  • Hard Tokens.
  • SMS Messaging.

This list only scratches the surface of potential multifactor authentication.

However, not every multifactor authentication factor makes sense for every industry or enterprise. For example, SMS text messaging may not offer proper security for more remote workforces; hackers who obtain users’ devices could easily subvert that factor. On the other hand, most mobile devices offer built-in physical biometric readers; this obviously facilitates biometric authentication.

When deploying multifactor authentication, you need to consider what endpoints your users employ in their business processes. Additionally, you need to consider your IT environment and what factors make the most sense for securing it.

What About Step-Up Authentication?

No one disputes the identity security benefits of deploying multifactor authentication. Where enterprise decision makers tend to balk is the effect MFA has on the user experience.

Indeed, additional steps at the login portal can negatively impact user convenience. In worst case scenarios, the additional authentication factors can actually inhibit business profits and lengthen response times.

Many cybersecurity experts argue enterprises must sacrifice convenience for true identity security. After all, if your business suffered from the analog equivalent of digital threats, you would probably put up as many checkpoints as possible before granting entry.

Fortunately, step-up authentication offers a means to balance both security and convenience in user authentication. Step-up authentication asks for more authentication factors as the sensitivity of the access requests increases.

For example, a user logs in to the network by inputting only two factors. However, let’s say that user then wishes to look at a more restricted file. The step-authentication system asks for a third and possibly fourth factor to verify the user first, even though they logged in to the network.

After that, the user requests access to sensitive proprietary data. The system, in turn, asks for more authentication factors, often the most extensive (such as physical biometrics or a hard token).

As you can see, step-up authentication only becomes apparent as users engender further risks. In addition, you can employ step-up authentication only on your privileged accounts, which can do the most damage in the wrong hands.

Deploying multifactor authentication should become a major concern for your enterprise and a top priority. Now’s not the time to let your identity and access management stagnate. Your enemies never stop innovating. Neither should you.

Learn More about Deploy Multifactor Authentication

If you would like to learn more about MFA, IAM, or identity security, be sure to check out our free 2019 Buyer’s Guides. We examine the top vendors in the field and their key capabilities.

Also, you should check out Identiverse. Identiverse 2019 is coming soon, and now’s the time to sign up! Use the discount code REGISTERNOW19 when you register before May 31 to save $250! You can sign up here!

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner