Passwords and single-factor authentication processes in general no longer suffice in protecting users’ identities.
Regardless of your password security strategy—which we commented on at length in past articles—passwords remain insecure for a number of reasons.
For example, passwords are:
- Infrequently changed.
- Frequently reused across accounts.
- Easily guessed or cracked.
- Often shared among employees.
While the end of the password era remains in the far future, assuming it comes at all, enterprises need to embrace new authentication protocols; these must supplement their identity security beyond what passwords can offer. Therefore, enterprises must deploy multifactor authentication methods.
Some reading this article may believe they know the multifactor authentication methods available to them. However, the white paper “Typing Biometrics and Other: Multi-Factor Authentication Methods: When Passwords Are Not Enough” by TypingDNA and Optimal IdM illustrates how much diversity exists in identity security.
Here are some of their key findings:
Why You Need Multifactor Authentication Methods
Optimal IdM and TypingDNA cite Verizon’s finding that 81% of data breaches result from weak, default, or stolen passwords.
The authors emphasize the dangers of stolen passwords via phishing attacks or analog hard copies containing written copies of the credentials. However, the authors also acknowledge the responsibility of the IT security team to monitor and secure their users’ identities.
Even when enterprises enact complex password policies and single sign-on, it doesn’t change that hackers only need to acquire one piece of information to infiltrate the network. Having more than one authentication factor reduces the chances of a hacker obtaining access; the more they have to steal, the more difficult the challenge.
What Multifactor Authentication Methods Exist?
When we discuss multifactor authentication methods, most people think of a few common factors:
- Biometric authentication, almost always in physiological terms such as fingerprints, iris recognition, or facial recognition.
- An SMS text message containing a PIN or a temporary password sent to a secure mobile device.
- A hard token, which the user brings to the endpoint to authenticate their identity.
All of these multifactor authentication methods deserve attention and recognition. However, this list only scratches the surface of possible MFA methods. Optimal IdM and TypingDNA also recognize:
- Typing Biometrics
- Email Verification
- PUSH mobile device notification
- Universal Second Factor
- Client Certificates
Even this list doesn’t do the full list the solution providers offer justice. Regardless, enterprises should diversify their thinking of multifactor authentication methods. Their choices of factors should instead reflect their digital reality—the costs involved in deployment, the user experience, the portability of the factors, and customization options.
Remember The Power of Granularity
As much as enterprises can benefit from multifactor authentication, the authors stress it may not be appropriate in all scenarios. Not every users’ login requires the high level of security (with the exception of certain sensitive verticals and industries) which comes with MFA. MFA can affect the user experience in unexpected ways, which can, in turn, affect productivity.
Therefore, enterprises should look to deploying granular MFA, which can include protocols as diverse as adaptive authentication, risk-based policy-adaptive authentication, and step-up authentication. In all cases, the principle stays consistent: MFA comes into play when the security calculation deems the risk at a certain level.
If you would like to learn more, you can download the “Typing Biometrics and Other: Multi-Factor Authentication Methods: When Passwords Are Not Enough” white paper by Optimal IdM and TypingDNA here.