Posted on July 24, 2018
Another huge roadblock for Multi-Factor Authentication is the lack of token generation choices. For most MFA systems, you require some device or application to generate a one-time password (OTP) that the system can validate. This can be done in a tonne of different ways, from SMS text messages and desktop applications to key fobs, just to name a few.
It is important to keep in mind that what might be best for you might not be best for your users. For example, how do you expect someone with impaired vision to read a key fob or SMS message? How would you expect users to unlock their laptops by connecting to a cloud service mid-flight? There are a multitude of scenarios and no one-size-fits-all solution.
The MFA solution you decide on should have a collection of token types to cater to any user. As soon as you force your users to use a single-token model, you are fighting a losing battle.
Do it right
While there are many reasons why MFA projects fail (like incompatibility with the RADIUS protocol or lack of integration accelerators), these two reasons always seem to come out on top. MFA has either been implemented in a way where users feel harassed, or has been imposed on users in a way that doesn’t match their culture.
The solutions are simple:
- Implement an intelligent, risk-based, multi-factor layer that is smart enough to only show users an MFA challenge when necessary.
- Provide a large selection of token choices and use-cases; security simply cannot interfere with workflow.
Prioritise these two features in your requirement list and you are already on the right track to a more secure company.