IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more
In-depth

Five things to consider before choosing an MFA solution

Because we all should move on from using “password” as a password!

Image of two-factor authentication in action

Ever since anyone had cause to use a computer, passwords have been the mainstay of secure access to resources. It turns out, however, that passwords aren’t as secure as we once thought.

Related Resource

Multi-factor authentication deployment guide

A complete guide to selecting and deploying your MFA authentication guide

The whitepaper title on a strip of swirling blue and purple diagonal across the pageFree download

They can be guessed or cracked easily, stored insecurely, and traded online by nefarious cyber criminals. This means the world is inevitably moving towards using multifactor authentication (MFA) as a more secure means of authenticating your identity and accessing your critical information.

MFA adds an extra step to the authentication process. In addition to what a user knows, such as their username and password, MFA pairs this process with an action; this could be a code sent through an SMS message or email, or a token delivered through an authentication app.

It's becoming far more prevalent these days. If you've tried to access your bank account details online, or have bought something from an online retailer, you'll probably get an SMS sent to your phone with a code you need to input before you can proceed further, in order to access your account.

So, with MFA fast becoming commonplace, and for good reason, it's now required to meet compliance requirements in some industries. What should you consider when selecting an MFA solution? There are five factors to contemplate.

Flexibility: Does the MFA solution apply only the required amount of security depending on what risk is posed by who's accessing the resources? Also, does the solution offer flexible ways of authenticating users? Will it offer hardware tokens, such as a USB-based dongle, or software tokens, such as smartphone app to NFC to text message and push notification? Does it allow users to use biometrics, such as fingerprint scans or facial recognition?

Costs: There's a cost to implementing MFA, which are down to what option your organisation chooses to implement. Hardware tokens, for example, have deployment and recurring costs, such as server infrastructure, staffing, vendor support, and hardware production and distribution. There are also costs involved with software tokens, although these tend to have fewer deployment costs, and implementation can be achieved in weeks.

Security: When implementing an MFA, there are diverse levels of security that can be used. Passwords and PINs are less secure than hardware tokens or a FIDO authenticator, which can be used when an organisation needs phishing-resistant authentication that can roam between devices. One-time codes offer high security when users don’t have a dedicated authentication app, meanwhile. Push notifications, too, can be a good choice if your users can use a mobile authentication app. Biometric authentication, finally, is good for system logins or specific apps.

Related Resource

Multi-factor authentication deployment guide

A complete guide to selecting and deploying your MFA authentication guide

The whitepaper title on a strip of swirling blue and purple diagonal across the pageFree download

Scalability: Any MFA implementation your organisation opts for needs to be scalable so it can be deployed across your whole organisation, and develop as the business grows. This means security practices should be consistent across the organisation. Deployment should cover all end-users, whether they're in the office or working remotely. MFA should also cover cloud and on-premises applications, VPN, server logins, and privilege elevation.

Ease of use: MFA should not only be easy to roll out, but should be easy to use. Some users may be limited in what they have as another factor to log into resources, such as lacking a smartphone or being unable to use a hardware token. Organisations need to balance usability with cost and security to increase acceptance.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Mastering endpoint security implementation
Security

Mastering endpoint security implementation

18 May 2022
The Total Economic Impact™ of Apple Mac in Enterprise: M1 update
Whitepaper

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update

12 May 2022
Dell Technologies World 2022: Dell unveils fastest storage architecture in company history
Server & storage

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history

4 May 2022
Dell Technologies World 2022: Dell unveils security offerings for major cloud providers
public cloud

Dell Technologies World 2022: Dell unveils security offerings for major cloud providers

3 May 2022

Most Popular

Europe's first autonomous petrol station opens in Lisbon
automation

Europe's first autonomous petrol station opens in Lisbon

23 May 2022
Nvidia pauses hiring to help cope with inflation
Careers & training

Nvidia pauses hiring to help cope with inflation

23 May 2022
Open source packages with millions of installs hacked to harvest AWS credentials
hacking

Open source packages with millions of installs hacked to harvest AWS credentials

24 May 2022