8 Tips for Choosing the Right Multi-factor Authentication Solution
Greg Gerik 14/02/2019, Industry News
Managed services have grown in popularity in recent years, in part due to the measures taken by manufacturers and partners in terms of data security and transparency. Outsourcing means saving costs and reducing the complexity of your own infrastructure in terms of availability.
These benefits have already prompted many firms to think about changing to a cloud-based service. If this is not an issue for you yet, we still recommend choosing a solution that offers not only a local installation but also the possibility of external hosting (managed services).
Choose a solution that allows your users to choose different types of software tokens (authentication methods). Rarely does a method fit equally for all users. For instance, there are special instances when it should be possible to use a hardware token.
When choosing a solution, make sure there are no additional license costs for software tokens. The savings of giving up hardware tokens can easily be undone by accruing royalties.
Smartphone users are already used to dealing with push notifications, thanks to the fact that many applications also use some kind of push notification. To help ensure acceptance and a positive user experience, you should consider offering your users this convenience when it comes to authentication as well.
You should also think about the future when choosing your authentication solution. What makes sense today matters, but the demands of your systems and architecture may change, making technologies like NFC or other innovations more important. Therefore, when choosing your solution, you should also consider whether the provider has a vision and plans for technical innovation.
Biometrics for unlocking the smartphone (or confirming a push notification) is a convenient feature and increases security over a PIN because it cannot be spied on. Therefore, a solution should support these functions, ideally even within the app for cases where the user has not configured a screen lock.
Purely biometric authentication requires investments in devices and alignment of the solution for individual use. Check to see if this is justifiable in the overall context of your security strategy.
Configuring contextual biometric security is complex, and user training and troubleshooting can be difficult. When using biometric features there is generally not a direct relationship to increased security. However, there may be a relationship to increased identity assurance.
We recommend a reliable and convenient authentication solution that ensures a consistent, positive user experience. Contextual features should be moved to Incident Response and Privileged Access Management security components.
Make sure that any MFA solution allows user data to be stored in the user directory to save the hassle of a separate database. Also, make sure that this does not require any schema changes to Active Directory, to avoid compatibility and support issues.
Choose a solution that supports a wide range of interfaces and applications to help you meet upcoming needs. Consider other applications you already use and consider securing them with the same solution. Check with the manufacturer to see if there may even be integration guidelines to assist you.
However, when considering the use of one solution, you must make sure that it is reliable and that it would not cause significant harm should the service fail. For instance, Microsoft's MFA solution has proven to be unreliable in the past year, locking bundled users out of important applications and email and causing significant disruption.
Choose a solution whose cost is very easy to calculate and that does not include any hidden costs. The true cost of ownership and all functions should be included in the price and presented up front. Also consider implementation costs, time, additional resources and future usage options that should be possible without new investment or additional budget.