Multifactor authentication (MFA) is becoming increasingly important as a security tool. Just five to 10 years ago, not many companies used MFA. Instead, organizations relied on passwords to control access to applications, data and devices.
However, these passwords became longer and harder to remember and manage. Companies forgot to change default passwords. Cybercriminals also became experts at cracking passwords.
In the wake of these developments, MFA has become the standard for identity and access management as part of a layered approach to security.
What is multifactor authentication?
MFA is a way of identifying a user and immediately verifying that user's authority with a secondary method of authentication. Typically, MFA verifies the identity of users based on something they know, have or are. For example, the secondary factor could be a token, a single-use code or a biometric, such as a fingerprint or a facial scan.
An MFA strategy can be used as part of a zero-trust approach to security. Zero-trust security follows the principles of “never trust; always verify,” which are supported by the way MFA promotes identity and access management.
MFA adds another layer to a company’s defenses by ensuring that the users connecting to business resources are employees and not bad actors.
Why MFA is crucial now
MFA has become a requirement for many companies. For example, the Federal Trade Commission requires that financial institutions use MFA to safeguard sensitive financial data. Now the FTC is extending these requirements to any company that deals with customer financial information. For example, car dealerships would be subject to the requirement because they run credit checks on customers.
Under these criteria, companies in most industries will need MFA eventually. Cyber insurance providers also require that companies use MFA in order to qualify for a new or renewal policy.
Use cases for MFA are also expanding. While MFA previously focused on virtual private network logins for remote workers, now it’s being used for administrator accounts. When admins log in to servers, they receive another prompt.
Today, MFA is used not only on the edge of the network but also within the network environment. Access can be controlled based on job role to prevent employees from using resources that aren’t needed for them to do their jobs.
What you need from MFA
Not all MFA solutions are created equal. For example, Cisco Duo has additional features and functionalities that its competitors don’t provide. With Duo, single sign-on addresses the complaints of employees who become tired of jumping through multiple hoops to access the resources they need.
A good MFA platform should also have risk-based authentication, in which the authentication process adjusts to match the risk level. As hackers get wise to MFA, they try to work around it. One workaround relies on push fatigue: if hackers keep triggering login prompts, eventually the user will accept one just to stop getting notifications. Risk-based authentication mitigates this risk by looking at the location or time of an access attempt and denying the login until authority can be established.
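The following sketch shows how a risk-based check of this kind can be expressed. It is an added example, not code from Duo or any other product. The thresholds, field names and decision labels are assumptions, and it goes one step beyond the location and time signals above by also counting recently rejected prompts.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed policy values for illustration; tune them to your environment.
USUAL_COUNTRIES = {"US"}          # where this user normally signs in
USUAL_HOURS = range(7, 20)        # 07:00-19:59
WINDOW = timedelta(minutes=10)    # look-back period for earlier prompts
MAX_REJECTED = 3                  # denied or ignored prompts tolerated in WINDOW

@dataclass
class Attempt:
    user: str
    when: datetime
    country: str
    push_result: str = "pending"  # outcome recorded later: approved/denied/timeout

def evaluate(attempt, history):
    """Decide, before any prompt is sent, how to handle a login attempt."""
    rejected = [h for h in history
                if h.user == attempt.user
                and timedelta(0) <= attempt.when - h.when <= WINDOW
                and h.push_result in ("denied", "timeout")]
    reasons = []
    if attempt.country not in USUAL_COUNTRIES:
        reasons.append("unusual location")
    if attempt.when.hour not in USUAL_HOURS:
        reasons.append("unusual time")
    if len(rejected) >= MAX_REJECTED:
        # Send no further prompt, so there is nothing to accept out of fatigue.
        return "deny", reasons + ["repeated rejected prompts"]
    return ("step_up" if reasons else "allow"), reasons

def replay(attempts):
    """Evaluate attempts in time order and return one decision per attempt."""
    history, decisions = [], []
    for a in sorted(attempts, key=lambda a: a.when):
        decisions.append(evaluate(a, history)[0])
        history.append(a)
    return decisions

# Constructed sample data: one normal login, then a late-night burst of prompts.
t0, t1 = datetime(2024, 3, 4, 9, 0), datetime(2024, 3, 5, 2, 0)
SAMPLE = [
    Attempt("alice", t0, "US", "approved"),
    Attempt("alice", t1, "XX", "denied"),
    Attempt("alice", t1 + timedelta(minutes=1), "XX", "timeout"),
    Attempt("alice", t1 + timedelta(minutes=2), "XX", "denied"),
    Attempt("alice", t1 + timedelta(minutes=3), "XX"),
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Here "step_up" stands for requiring a stronger check than a push tap, and "deny" holds the login until the user's authority is established another way.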
MFA: Part of the bigger security picture
Like most security solutions, MFA isn’t a silver bullet but part of an overall security strategy. Your company needs an advisor with the security knowledge and experience to fine-tune your security policies and develop a holistic approach to IT security.
As one of the largest Cisco-certified managed service providers, RSM can help your company develop a security strategy supported by Duo and other leading security technologies. With over 10,000 Duo clients and customers and as an early adopter of this solution, we have the knowledge and experience needed to ensure your business gets the most out of Duo.