With cyber threats continuously evolving, relying solely on passwords, however strong, is no longer sufficient. We've already touched upon the importance of multifactor authentication (MFA) and its vital role in securing your business. But with so many MFA options available, how do you find the best one for you? What should you look for in an ideal solution?
MFA statistics to know
- Microsoft reports that 99.9% of their accounts that were compromised did not have MFA enabled.
- There's also a notable difference in MFA adoption between large and smaller companies. A KnowBe4 report reveals that only 38% of companies with over 1,000 employees do not use MFA, compared to 62% of small and medium-sized businesses.
These statistics highlight that MFA is not merely a nice-to-have feature but a fundamental security measure every business should implement. This simple step can significantly deter attacks and address issues like poor password practices among employees.
There are several MFA types you can choose from. The most used options are:
SMS-Based One-Time Passwords (OTPs)
Codes sent via text message. This type is no longer recommended because SMS messages are not encrypted and the method is vulnerable to attacks such as SIM swapping and phone number spoofing.
App-Based Authentication
Time-sensitive codes generated by apps such as Google Authenticator or Authy.
Push Notifications
Approve or deny login attempts via a trusted device.
Email-Based One-Time Passwords
Codes sent to the user's email.
Hardware Tokens
Physical devices such as YubiKey or RSA SecurID, which generate or store authentication codes, are not as commonly used today. This decline is largely due to their inconvenience for users and the potentially high costs.
Biometrics
- Fingerprint scans
- Facial recognition
- Retina or iris scans
- Voice recognition
Key MFA features to look for
When selecting an MFA solution for your business, consider these key features:
Ease of use: An effective MFA solution should be user-friendly. If it's overly complicated, users may resist using it. It should be easy to install with straightforward instructions.
Multiple authentication methods: The best MFA solutions support various authentication methods, including push notifications, biometrics (fingerprint or facial recognition), and hardware tokens. This flexibility lets users choose the method that suits them best.
Cross-platform compatibility: Your MFA solution should work across all major platforms and devices, including iOS, Android, Windows, and macOS. It should also be compatible with virtual desktop infrastructures (VDIs) and virtual private networks (VPNs).
Safeguarding cloud apps: With the growing reliance on cloud services, your MFA solution should offer strong protection for cloud-based applications. Whether it's email, file storage, or collaboration tools like Google Workspace or Microsoft 365, the MFA solution should integrate with those as well.
No dedicated hardware needed: Opt for MFA solutions that do not require specialized hardware. The best solutions are cloud-based, allowing them to be used across various devices, and ideally offer on-premises deployment options as well.
Regular updates and security patches: To stay ahead of evolving threats, your MFA solution must receive regular updates and security patches. If possible, opt for automatic updates so you don't have to rely on users accepting them.
Backup and recovery options: Losing access to your MFA device can be a serious issue. A robust MFA solution should provide backup options, such as backup codes or the ability to transfer authentication settings to a new device.
Offline functionality: Sometimes internet access may be unavailable. Choose an MFA app that provides offline codes to ensure you’re not locked out of your accounts when you’re off the grid.
ESET Secure Authentication
ESET Secure Authentication incorporates all the essential features mentioned above and also includes a multitenancy option for managed service providers, enabling them to manage multiple companies or sites more efficiently.
Considering that MFA is your second line of defense against cybercrime following your password or passphrase, be sure to take the time to research and carefully consider all your options. Once you have selected the best MFA solution for you, be sure to implement it throughout your organization and enforce its use by everyone who accesses your company systems. By taking this preventive step, you can potentially save yourself from much bigger problems if your corporate accounts are compromised.