In today's app world, relying on simple, traditional password authentication is not enough to protect an enterprise against the growing number of sophisticated cyber attacks. For this reason, there is every need to implement MFA across the enterprise. The goal of multi-factor authentication is to create a layered defense of two or more independent authentication modes when users access applications, networks and resources. MFA implementations use a combination of the following factors:
- Knowledge factors - something you know, such as passwords, PINs and the answers to secret questions.
- Possession factors - something you have in your possession, such as a security token (software or hardware), a one-time password (OTP) token, certificates or a smartphone.
- Inherence factors - something you are. This includes biometric authentication such as fingerprint or retina scans and facial or voice recognition.
Although users are reaching a comfort level with storing and accessing their information online, traditional security mechanisms such as password, certificate and hard-token-based authentication and fact-based questions are difficult and inconvenient for them to use. Mobile push notifications, SMS-based approvals and more have all changed the way we can supply more than a username and password when authenticating. The end-user experience of using mobile devices for MFA makes the adoption of elevated security standards for accessing applications and resources so easy now that one should wonder.
There is tremendous interest from customers in the end-user experience of security products. Making security easy for end users is vital, as is understanding how it can impact the overall effectiveness of the user experience. The fact is, it's not easy to build a security product that is exceptionally secure yet easy for end users. The continued quest for better usability during authentication sparks further innovation. We need to work harder to keep raising the bar.