We’ve been using usernames and passwords since the 70s, and two-factor authentication solutions for nearly a decade now. As more firms begin to embrace multi factor authentication (MFA), it can be a bit jarring for end users to migrate to a new way of logging into their business accounts and systems. If you’ve deployed one-time password-based 2FA already, it may not be a far cry to require biometric authentication on a smartphone. If you’re jumping straight from passwords to a biometric-enabled MFA strategy, you need to lay some groundwork in place first.
Here are our five key tips for deploying multi factor authentication, preparing your workforce for the change, and the best factors to include:
1. Test Multi Factor Authentication with a Pilot Group
The best way to ensure a smooth rollout of MFA is to test it with a pilot group of random employee. By picking a handful of workers from various departments, making sure to include those with varying levels of security needs, you’ll optimize the solution for your average user while addressing the demands of those with access to more sensitive information, such as payroll.
2. Make the Factors Flexible
One of the best ways to optimize MFA is to provide more than the required number of factors. Employees can then select the three or more that they are most comfortable with. We always advocate adopting biometrics for increased security, but some employees simply won’t want to use their fingerprint or face to log into corporate accounts. By offering a choice, you allow them to use ones they’re comfortable with while still improving security across the board. This also lets them use factors they’re familiar with, such as OTPs.
3. Optimize Access With Mobile Devices
To successfully bake multiple authentication factors into a single solution, make it mobile. By requiring mobile devices to be part of your MFA strategy, you gain access to key information and can combine it with other factors to go beyond three or even four checks at once. For example, all phones carry a unique device identification (UDI) number, which can be accessed and tested against a previously enrolled UDI. Furthermore, most modern mobile devices are capable of capturing behavioral biometrics for passive authentication, which can be used as a tertiary authentication factor alongside stronger ones.
4. Educate Employees on Why They Need MFA
Simply deploying a solution might not be enough to enforce its use. Often, employees will see MFA as a nuisance rather than a security benefit. By educating them on why MFA is superior to 2FA and passwords alone, you can avoid complaints and misuse of the system. This will result in smoother adoption across your workforce. Include data breach statistics, ask them how often they share passwords when they shouldn’t, and other questions that will help them realize how not using MFA is a security risk.
5. Select Your Platform Carefully
The platform you use for MFA plays a critical role in success. It needs to support our five tips, as well as all your company’s use cases. At the same time, it should optimize security and provide a convenient user interface for managing access and analyzing related data. The platform should also be scalable and future-proof. This will open the door to compatible up-and-coming authentication strategies.
VeridiumID provides an identity and access management platform that meets all of these needs, enabling a flexible, secure and enterprise-ready authentication solution for businesses that is simple for end users at all technical skill levels.