Research has found that poor passwords cause 80 percent of data breaches. Businesses clearly need a better way to authenticate users accessing their networks than a simple password.
Two-factor authentication (2FA) is a good starting place for that. For small and medium-sized businesses (SMBs), the one-size-fits-all approach 2FA takes isn't good enough. To adequately protect against cyber risks while being able to authenticate users with different access levels, devices, attributes and behavior, adaptive multi-factor authentication (MFA) is the solution.
2FA Lacks Flexibility, Control
2FA adds a second layer of access protection. It works by using something you know and something you have. While standard 2FA solutions have improved, typical standalone solutions lack necessary oversight, flexibility, visibility and intelligence IT teams need. 2FA solutions also don’t adapt to a wide range of use cases and scenarios. The same level of security is applied to all users regardless of risk, because the authentication factors required have nothing to do with an individual user’s risk profile. Either 2FA is on and required, or it’s off and not required; slowing down users when the added security is not necessary.
Additionally, conventional 2FA methods such as knowledge-based questions and SMS-based one-time passwords can be vulnerable to simple phishing attacks and social engineering.
Adaptive MFA Provides Added Security, Risk-Based Intelligence
Comparatively, using adaptive multi-factor authentication (MFA) boosts security, provides intelligence and control, and enhances usability. Adaptive authentication allows MFA to evaluate a user’s risk profile and behaviors and adapts the requirements to different situations. AI methods can check whether the overall picture fits: Is it possible that an employee can log on to their account in Boston and two hours later access data again from London? Checking mechanisms such as these have proven to be very effective for fraud prevention.
When it comes to intelligence and control, adaptive MFA enables admins to implement flexible, granular policies around risk levels based on a variety of parameters. An employee’s role, location, and the resource being accessed are a few options. Over time, the solution can “learn” the typical behaviors of an individual user. Authentication requirements will be based on whether the user is acting within the “normal” range of behaviors or has deviated from them.
This behavioral learning makes it easier to accurately authenticate employees through the creation of an individual user profile. Each time an employee logs on to the network intelligent decisions are made. For example, the solution will make login requirements for accessing a company network during business hours less strict than if the employee logs in via a laptop while overseas on a business trip. This also enables any anomalies or potential threats to be detected in real time. By only prompting the user when necessary and offering a more intuitive experience, adaptive authentication offers many benefits over 2FA.
Flexible, Scalable and Affordable
Finally, MFA solutions can be flexible, scalable and cost-effective because they can be implemented through existing hardware. MFA solutions should also be compatible with different authentication and single sign-on protocols. Guidelines must be mapped granularly, both to groups and individuals or adopted from existing identity and access management solutions. MFA solutions should also be compatible with current standards for single sign-on (SSO).
An integrated solution should – as with LastPass MFA, for example – offer support through various guidelines and reports at the same time. With an easy-to-use solution that adapts to the way employees work, adoption increases and so does the level of security. A flexible and adaptive MFA solution is therefore a strategically important element of every SMB’s modern security solution.
Published in partnership with LastPass.