Chitwan Arora | Product Manager at Thales
The impact of not having multifactor authentication (MFA) activated for all users is now well known by enterprises. Verizon’s Data Breach Investigation 2021 Report indicates that over 80% of breaches evolve phishing, brute force or the use of lost or stolen credentials. All these types of attacks can be avoided by MFA. Ponemon Institute in their 2021 Cost of a Data Breach report evaluate the average cost of one data breach at $4.24 M… Faced with these alarming findings, surprisingly, many companies have not yet activated MFA for all their users. Why?
The challenge of multifactor authentication everywhere
Two phenomena can explain this paradox:
End user adoption
Many end users consider MFA as cumbersome, especially when they need to access multiple applications during their working day. A bad user experience during authentication or activation and too frequent authentications reduce user adoption.
Variety of a user’s authentication journey…
In today’s hybrid work environments, users need to authenticate from a diverse set of context, making it difficult for IT to find the authentication method that fits each type of user.
- Due to growing mobility and remote working, more and more users need to access enterprise resources from multiple types of devices, owned - or not - by the company: mobile phones, tablets, Windows or Mac or Chromebooks...
- Many employees work in areas where mobile phones are not allowed such as production workshops, data centers, hospitals, or labs that house medical analysis equipment.
- Workstations are often shared between several workers (in call centers, shop floor, retail stores ...)
Best practices for multifactor authentication everywhere
To overcome these challenges, IT managers and CIOs should take into consideration the recommendations below:
Use an authentication service that provides a large variety of authentication methods to fit the variety of your users
Many cloud authentication services available on the market offer only one mobile app as native authentication method. This mobile app is well adapted to end users equipped with a company smart phone, but will not address:
- Employees with legacy phones or those unwilling to use personal mobile phones.
- Employees working on shared desktops
- Privileged users who need a high assurance method of authentication
- Users who need to access IT resources from a legacy Windows laptop, a Chromebook or a Mac.
Ensure support for multiple operating systems.
The majority of mobile apps available on the market support Android and IPhone. Few of them support laptops too. The latter would benefit end users who cannot use a smartphone. The broader the end devices and OS supported by the authenticator apps, the more effectively you’ll be able to address your users’ needs for mobility.
Offer an excellent user experience during authentication AND activation
Usability of the authentication method is a key success criteria of your MFA project.
Good user experience during initial activation is as important as being able to authenticate smoothly.
Make sure the solution you choose is built for security
Not all authenticator apps are equal. Offering a convenient authentication experience doesn’t have to come at the expense of security. Project managers should look for certified products and be aware that protecting authentication secrets during provisioning is fundamental to maintaining authentication integrity.
SafeNet MobilePASS+ facilitates employee’s mobility and BYOD approach
Thales understands the significance of user mobility, especially during these ever-changing times. Keeping that in mind, the latest version of SafeNet MobilePASS+ authenticator has been designed to provide unmatched security on multiple supported platforms with the best-in-class native end-user experience. SafeNet MobilePASS+ offers an effortless push authentication with biometrics making end-user authentication easier than ever before.
Not just cell phones, SafeNet MobilePASS+ works great on desktops too. This gives you even more flexibility for deploying the software authenticators in your environments, even on shared desktops and Windows servers. Yes, you can use SafeNet MobilePASS+ for multiple users with their individual authenticators on a shared desktop and still have the same level of security.
As part of our goal to address user mobility and ease of access on any end point, we just added support for Windows 11, Windows servers and Chromebooks. Later on this year, we will be introducing support for additional desktop and wearable platforms (MacBook and Apple Watch) along with full accessibility support.
With SafeNet Trusted Access, deploy multifactor authentication everywhere
SafeNet Trusted Access is a cloud based authentication and access management solution that makes easy to deploy authentication everywhere. In addition to SafeNet MobilePASS+ on all end points, you can use a very large variety of secure authentication methods to fit all users’ authentication journeys:
- Hardware : OATH HW OTP devices, FIDO devices , PKI smart cards manufactured by Thales
- Software : SMS OTP, Voice OTP, Email, pattern/browser-based GrIDsure
Consult Thales web pages to learn more about SafeNet Trusted Access and SafeNet MobilePASS+.