Weighted identities are the future of MFA
(Last updated on August 2, 2018)
There’s a new sheriff in town
Allow me to embellish – how else can you describe the sense of security one feels when the words Multi-Factor Authentication (MFA) are uttered. With data breaches, system failures, and identity theft thickening the plot, authorities such as Microsoft and NIST have chosen MFA as the protector of digital identities. But there’s a lot more to MFA than a catchy acronym.
The fact in multi-factor
MFA conscious authentication systems can include anything from antiquated security questions (something you know), and widely used SMS codes (something you have), to more sophisticated fingerprint and facial scans (something you are). But are all these factors equally secure? With the first prone to social engineering, and the second raising concerns amongst authorities like NIST due to message hijacking, should the last factor hold more value during authentication?
Since not all factors are created equal, we introduced “weighted identity” in our self-service password reset system, Specops uReset. Weighted identity allows you to assign weights to factors according to their level of security. Let’s say that prior to a password reset you require users to verify their identity with two factors, but would be equally satisfied with a single more secure factor. You can assign each with a specific weight, and ultimately decide that one is worth twice as much as another during authentication. A bit more complicated than what we’re used to, but since the weight assignment is visual (there are stars!), it is quite easy to manage.
Users have a knack for finding loopholes. And while MFA systems may be secure, they can be perceived as an additional barrier. I can only imagine the frustration – the user needs their smartphone to meet an authentication criterion on the very day the device was forgotten at home. Haunted by the poor experience, they abandon MFA all together. This is where flexibility matters the most. In our uReset system, we overcome such scenarios with flexible MFA, allowing the user to pick and choose what factor(s) they want to authenticate with. No mobile device? No problem. Simply pick from some of the 20+ factors to verify your identity with.
The future is now
With threats to identity constantly evolving, a stagnant MFA approach won’t do. Specops uReset has raised expectations around security without compromising additional flexibility for its users.