MFA Implementation Best Practices
October 4th, 2021

Recent studies reveal that poor credential security is one of the main causes of data security breaches, with 81 percent of these breaches caused by weak or lost passwords. At the RSA Security Conference, Alex Weinert, director of identity security at Microsoft, revealed that nearly 1.2 million Microsoft accounts were penetrated in January 2020.

But the most striking revelation was that 99.9 percent of the affected accounts did not have Multi-Factor Authentication (MFA), adding urgency to the fact that organizations need to go beyond traditional perimeter defenses to protect their systems and data. 

Why MFA is Necessary

MFA is an essential component of a robust identity and access management policy. It is an advanced method of authentication that requires a user to provide multiple verification factors to gain access to a digital resource, such as an online account, application, or a virtual private network (VPN). Instead of just asking users to provide their usernames and passwords, MFA requires one or more additional verification factors to minimize the possibility of a successful cyber-attack.

With MFA, it is very difficult for unauthorized users to access corporate data. It is an integral part of Centrify Identity Services and is not difficult to implement. It does, however, require some upfront planning to further enhance security and save time and effort.

Implement It Across the Enterprise

Implementing MFA in just a few areas of an organization is akin to locking your doors and leaving your windows wide open. The only way your MFA implementation will be effective is if you implement it across the organization, making sure that all access points, including the cloud, are properly covered. With different types of multi-factor authentication, it’s important to choose one that best suits your organization. 

Implementing MFA across all end and private users, cloud and on-premises applications, VPN, server login, and privilege elevations helps protect your systems and data against unauthorized access, breaches, and password-based cyber-attacks.

Use Context for Adaptive MFA

Instead of using an always-on approach that continually requires users to give secondary credentials, you should leverage context to develop an adaptive, step-up method that only requires supplementary factors when necessary. Context data might include location, network, device settings, or time of day. This information helps to verify that the user is who they claim to be without always needing to prove secondary credentials.

Various Authentication Factors

For a MFA rollout to be successful, it must deliver the best user experience possible with a healthy balance of user convenience and system security. Avoid a fixed, one-size-fits-all approach because it can’t possibly meet the needs of all users. 

Instead, implement a wide range of authentication factors to balance the risk, usability, and cost of implementing MFA. Some of the best authentication methods include hardware tokens, software tokens, SMS/text messages, phone calls, emails, and security questions.

Reevaluate Your MFA Regularly

As IT infrastructures and authentication methods evolve, so do security vulnerabilities and threat landscapes. In such a dynamic environment, you need to conduct regular assessments to make sure that your MFA technology is up-to-date and can meet the needs of all users and the business. Reevaluate your MFA system consistently to ensure it is implemented appropriately. For MFA requirements for PCI compliance, follow the link to learn more. 

To keep your business agile and competitive in the current market, it is important to take the security of your business seriously. Adopt and deploy effective security measures such as MFA and view these security measures as an enabler of business, rather than an additional cost and obligation.