Step up your security game with dynamic MFA
(Last updated on October 5, 2018)
Multi-factor authentication (MFA) requires authentication from independent categories of credentials: something you know (i.e. password), something you have (i.e. Mobile device), and something you are (i.e. Fingerprint). MFA enhances security when accessing resources on SaaS applications, and even during password resets. When it comes to authentication, more layers means more protection against attacks and breaches.
The MFA market is on the rise, and for good reason. As companies are moving to the cloud, and storing sensitive data online, they are becoming increasingly attractive to hackers. One of the easiest ways for hackers to gain unauthorized access is through the password. Remember the Deloitte hack in late 2016? Hackers cracked the password on an admin account, and got access to privileged information. This could have been prevented with MFA. According to Symantec’s Internet Security Threat Report 2017, 80% of breaches can be prevented simply by employing MFA.
Other than the increasing security concern, the various industry and compliance standards are playing their part in driving the MFA trend. Microsoft, NIST, PCI, and HIPAA have either recommended or mandated stronger authentication. It is time for you to jump on the bandwagon.
The MFA impact on users
When evaluating an MFA solution, should you consider the user-experience? After all, MFA does not guarantee authentication success. The wrong system can even result in login failures, driving up helpdesk calls, and of course disruption to user productivity.
Specops Dynamic MFA is designed to increase security with minimal impact on users. With 15+ identity providers available to choose from, including social SaaS, mobile authenticator apps, and high trust options like Duo Security, and Symantec VIP, IT admins have the ability to pick and choose what they want to extend to users. To enhance flexibility, admins have the ability to include more identity providers than required to meet the authentication policy. This gives users the freedom to choose from a variety of identity providers during authentication, greatly reducing authentication failure. If one doesn’t work or is not available, the user has alternatives. This feature is especially useful if the user does not have their mobile device with them.
Weighted identity: balance security and flexibility
Authentication choice should not be at the expense of security. After all, not all identity services provide the same level of security. If one strong authentication method fails, there needs to be an equally strong alternative. The weighted identity feature allows admins to assign a trust level to each identity service – reflected by stars. Essentially, admins can weigh each identity service differently to reflect the security/confidence level deemed. Users can complete authentication faster with high trust identity providers.
Dynamic MFA for your organization
Every organization has unique needs and special considerations for implementing MFA. Whether your organization is moving to, or currently using O365, Specops Authentication can help you enable or enhance MFA by extending options beyond traditional phone-based authentication options by adding biometrics as an example. Users can continue using organizational credentials (Windows Identity) as an authentication factor, and layer, or even substitute, the password with other identity services when logging in. To learn more about Specops Authentication, and see how it can step O365 security while reducing potential end-user impact request a trial or demo today.
For a long time now, Specops has been advising organizations on how to protect their network and data against common security threats. We’ve managed to cover everything from sophisticated social engineering tactics, to the simple phishing email, and most recently, best practices for safeguarding Active Directory against common attacks. Along the way, we’ve repeated the…Read More
Don’t let the title fool you. This is not so much a melodrama – but rather about our fragmented identities sprinkled in the ubiquitous digital space. Okay, maybe a little exaggerated, but let’s see how you feel after a dozen failed passwords attempts – or could it be the wrong username? You narrow it down…Read More
With less than a year until the EU General Data Protection Regulation (GDPR) takes effect, all organizations collecting or processing data for individuals within the EU are in the midst of developing their compliance strategy. The new regulation will carry an impact well beyond Europe. A recent PwC pulse survey found that over half of…Read More