Weighted identities are the future of MFA
(Last updated on August 2, 2018)
There’s a new sheriff in town
Allow me to embellish – how else can you describe the sense of security one feels when the words Multi-Factor Authentication (MFA) are uttered. With data breaches, system failures, and identity theft thickening the plot, authorities such as Microsoft and NIST have chosen MFA as the protector of digital identities. But there’s a lot more to MFA than a catchy acronym.
The fact in multi-factor
MFA conscious authentication systems can include anything from antiquated security questions (something you know), and widely used SMS codes (something you have), to more sophisticated fingerprint and facial scans (something you are). But are all these factors equally secure? With the first prone to social engineering, and the second raising concerns amongst authorities like NIST due to message hijacking, should the last factor hold more value during authentication?
Since not all factors are created equal, we introduced “weighted identity” in our self-service password reset system, Specops uReset. Weighted identity allows you to assign weights to factors according to their level of security. Let’s say that prior to a password reset you require users to verify their identity with two factors, but would be equally satisfied with a single more secure factor. You can assign each with a specific weight, and ultimately decide that one is worth twice as much as another during authentication. A bit more complicated than what we’re used to, but since the weight assignment is visual (there are stars!), it is quite easy to manage.
Users have a knack for finding loopholes. And while MFA systems may be secure, they can be perceived as an additional barrier. I can only imagine the frustration – the user needs their smartphone to meet an authentication criterion on the very day the device was forgotten at home. Haunted by the poor experience, they abandon MFA all together. This is where flexibility matters the most. In our uReset system, we overcome such scenarios with flexible MFA, allowing the user to pick and choose what factor(s) they want to authenticate with. No mobile device? No problem. Simply pick from some of the 20+ factors to verify your identity with.
The future is now
With threats to identity constantly evolving, a stagnant MFA approach won’t do. Specops uReset has raised expectations around security without compromising additional flexibility for its users.
If you are considering Specops uReset, all the ways your users can authenticate to the self-service system can be overwhelming. Before rolling out the solution, you need to decide how you will verify user identities – will it be mobile, social, email, biometrics, or all of the above. Moreover, you need to assign a weight…Read More
Don’t let the title fool you. This is not so much a melodrama – but rather about our fragmented identities sprinkled in the ubiquitous digital space. Okay, maybe a little exaggerated, but let’s see how you feel after a dozen failed passwords attempts – or could it be the wrong username? You narrow it down…Read More
Security questions have been around almost as long as the Internet and passwords. They are inherently weak and recently both Gartner and the National Institute for Standards and Technology (NIST) have drawn a hard line in the sand concerning them. Gartner declared that self-service password reset solutions need to support additional forms of authentication beyond security…Read More