Multifactor Authentication: It’s Not Just for Large Enterprises

Multifactor Authentication: It’s Not Just for Large Enterprises

The traditional username-and-password for authentication is a prime example of how organizations are making a hacker’s job much easier than it should be. It’s not just about people using weak passwords or the same passwords for multiple accounts, and it’s not just about companies failing to enforce password best practices.

Fact is, passwords have outlived their usefulness as a strong security control. Users routinely or fall for email phishing scams, in which hackers trick them into divulging their credentials. In addition, massive security breaches have given hackers huge lists of usernames and passwords. Readily available are capable of trying millions of passwords per second, allowing hackers to carry out brute force attacks and quickly compromise your systems.

If a password is the only thing between a reasonably competent cybercriminal and your system, you’re in serious trouble. In fact, the 2017 Verizon Data Breach Report found that 81 percent of data breaches involve weak or stolen passwords.

The weakness of passwords in an increasingly perilous security threat climate has led to growing adoption of multifactor authentication (MFA). According to the Verizon report, 67 percent of surveyed organizations are using MFA for at least some of their users.

MFA is a security mechanism that requires multiple, independent authentication credentials, or factors, to verify a user’s identity. The three general types of factors are:

  • Something the user knows (knowledge factor), such as a username, password, PIN, or the answer to a secret question.
  • Something the user has (possession factor), such as a smart card, key fob, or security token generated through a mobile device.
  • Something the user is (biological factor), which involves retina scanning, fingerprinting, facial and voice recognition, and other forms of biometric verification.

The user’s location and the time of an attempted login may also be used as authentication factors. For example, if a user logs in to the network in the U.S. and a login attempt involving the same account is made in Moscow a half hour later, MFA technology will know to prevent the login and flag the attempt for investigation.

While MFA adoption by two-thirds of respondents to the Verizon survey is encouraging, 61 percent of respondents from companies with fewer than 1,000 employees believe MFA solutions are designed for large enterprises. They think MFA is expensive, difficult to implement, and too complex to manage and maintain. These concerns may be valid for most MFA solutions, but the new Authpoint MFA platform from WatchGuard Technologies was developed with small to midsize businesses in mind.

WatchGuard AuthPoint is a cloud-based solution that simplifies integration, reduces upfront costs, and can be deployed and managed from any location without on-premises hardware. Users are authenticated through the AuthPoint app, which is downloaded on each user’s smartphone. The app enables users to view and manage login attempts and store third-party authenticators. The AuthPoint app creates Mobile Device DNA, a personalized signature that makes it possible to distinguish legitimate login attempts from cloned attempts on unauthorized devices.

Cloud-based management through an intuitive interface makes it easy to view reports and alerts and configure and manage deployments. Additionally, integrations with dozens of third-party solutions allow organizations to authenticate users before they access cloud applications, VPNs and networks.

Usernames and passwords can easily be stolen and cracked. Let us show you how WatchGuard’s new AuthPoint MFA solution reduces IT security risks without the high cost and complexity of enterprise MFA platforms.