I was recently talking to a CISO for a major airline. We had been discussing innovations in security, when he sighed and said that his budget was strong, but employees were overwhelmed by the constant barrage of breach news. This resulted in a user base that was slow to adopt, and didn’t feel a personal sense of agency in many security solutions.
We had been discussing some pretty behind-the-scenes solutions, and it was actually his idea that we move to something much more “in your face” for employees. Something that lets them take a proactive part in security. Something that makes them a player in this game, and gives them incentive to play. I love the idea!
I think today’s multi-factor authentication (MFA) solutions could be just what the CISO ordered, so to speak.
From a security perspective, MFA is an easy choice. Arguably many major breaches in the last few years have started with a purchased, brute-forced or phished password as the first foothold within a network. With so many billions of passwords having been stolen and made available, attackers have everything they need to walk right through the front door of our apps and even some infrastructure. Implementing MFA across sites, services, apps, infrastructure and endpoints — in essence, truly everywhere — is an effective course of action to stop these attacks, and buy ourselves time to implement further security solutions to bolster our defenses.
From a user perspective, the right MFA can also be a win. Adaptive MFA, which only challenges users for additional factors when necessary, and not every time they access something, means that MFA is less cumbersome than ever before. When you add the ability to use a mobile device as a factor (and not a dedicated, easy-to-forget token), it gets simpler still. And when adaptive MFA is integrated with SSO, users get fast, easy access with strong security.
But the CISO conversation I just had called out the bigger boon: MFA gets employees to see that they are not powerless. They become an active part in securing a business. In securing their privacy. In securing their paychecks! And unlike ever-more-complex password rules, and other cumbersome tools or policies that slow users down — MFA combined with SSO can actually speed access, and eliminate barriers for legitimate users.
In this modern era of security – we need to let users know that the game is winnable.
To learn more about today’s MFA, check out our gamified eBook: “Level Up Your Security.”