Guest Column | February 20, 2020

Making The Move To Multi-Factor Authentication

By Patrick Kinsella, Onepath


Over the last few years, multi-factor authentication (MFA) has come a long way. In the past, MFA required that you carry a hard token on you at all times, but now, MFA has become a simple, one-touch endeavor. However, many still perceive MFA as a cumbersome addition to security that impacts both productivity and enjoyment. To make matters worse, experts have marketed MFA as a security necessity we should invest in, whether we like it or not.

As an industry, we need to work harder at implementing MFA smoothly. We must also change our messaging from one of fearmongering to one of enhancement, simplicity, and upgrading.

Like any security solution, MFA is not a silver bullet to security woes. But it’s certainly more effective than the complex passwords typically demanded of end users. It’s also easier to use—in fact, password complexity simply adds to the problem rather than solving it. This complexity makes traditional passwords hard to remember, which can cause users to store them in unsecure locations. Even more troubling, some users keep a list of passwords beside the very computer they’re used with. MFA, on the other hand, can ease the authentication process and add a layer of protection by validating individual users’ identities.  

Earlier iterations of MFA included legacy tokens and text messages. These versions left people with memories of cumbersome processes. For this reason, MFA technology can sometimes be viewed as a barrier to productivity or enjoyment. But in truth, MFA is an enhancement that requires little to no thought or interruption to your day.

In fact, MFA implementation is easy. While deployment requires a little time and attention, a good partner—such as an MSSP, MSP, or security implementer—can make implementation a smooth, simple, and intuitive process.

Multi-Factor Messaging

Industry messaging continues to focus on ways MFA enhances security and keeps users safe—but these features are table stakes for the security industry. Every solution should follow best practices, be expandable, and support both custom-built and common applications. And although these features are the bare minimum, such messaging is ubiquitous in MFA marketing.

MFA’s ease-of-use compared to that of a complex password isn’t highlighted in current messaging. A shift in messaging should focus on how MFA provides enhanced security at the touch of a button. With this new focus, users will stop perceiving MFA as yet another security barrier to their productivity and enjoyment. Instead, they’ll note the technology’s negligible cost, ease of implementation, and positive productivity impact on a business.

MFA Buy-In

While the industry needs to work on improving MFA messaging, organizations need to work on getting staff and leadership buy-in. A great way to get everyone on board with MFA is to ensure there’s a C-suite sponsor behind it, such as the CFO or CIO. This C-suite sponsor will act as a champion and supporter of MFA implementation within the firm. When pitching MFA, it’s also helpful to highlight statistics of how easy MFA is and how it’s a win for business. Certainly, this tactic works better than the presentation of MFA as a necessary security evil.

Another way to limit negative perceptions of MFA is by working with a partner that’s experienced in its implementation. Ideally, this partner can install your MFA with minimal disruption, and post-implementation, they’ll have the right best practices in place. This way, they’re ensuring ease-of-use remains a priority and reality at all times for all users.

Single Sign-On Simplicity

Implementing MFA in conjunction with a single sign-on tool can help make the experience even easier. In order to fully utilize SSO, you should add frequently used applications into scope for both MFA and any single sign-on attachment tools. By doing so, you’ll be providing all staff members with the same MFA experience.

SSO is an upgrade that provides added security with just one click. A user must simply type a password into the single sign-on platform in order to get all the enhanced security of MFA. Demonstrating this ability can help get users excited about MFA and SSO, and any anticipation of MFA being a heavy load will rapidly disappear.

About The Author

Patrick Kinsella is senior vice president and CTO at Onepath.