Knowing that the danger of cybercrime is ever-present, more and more companies now add an extra layer of security to their systems. This layer is often referred to as multi-factor authentication (MFA) or two-factor authentication (2FA), and it is used to secure the company’s data and its customers’ privacy.
Two-factor authentication is an extra level of security that many businesses, companies, and applications adopt as an additional step in the login process. Instead of just entering a username and password to log into a website or application, multi-factor authentication has you confirm your identity through one additional step, such as an SMS, an email, or an encrypted confirmation.
In most cases, people believe that 2FA is secure because it uses an extra confirmation. However, this two-step security can also be hacked. In other words, 2FA does not make your security system immune. TechCrunch recently reported that 2FA carries risks of its own when used. After millions of SMS text messages (containing two-factor codes) were exposed in an internet-accessible database that could be read or monitored by anyone who knew where to look, the security of 2FA is questionable.
Besides the issue above, there are more challenges for companies that build MFA into their security systems. Here are the obstacles you might face.
It is confirmed that MFA is at risk of human error. To use MFA, employees need an additional device or application, such as a mobile phone or an email account, to receive the authentication password. This requirement alone already makes MFA less effective. If your employees are not careful with their devices and applications, hackers can easily log into or steal the device and confirm every authentication password sent by SMS or email.
Micah Silverman, a senior developer advocate at Okta, said that there are two parts to MFA, namely enrolment and enforcement, and each part is driven by policy definitions. So, for example, will you require MFA every time your users log in to the database? Or will they need to use MFA only when they are away from your corporate network?
The policy you add to your MFA, nonetheless, should be built on some considerations. For instance, will users have to provide a token code every time they log in? Or will they need to set up MFA during registration only? These considerations add considerable complexity, added Silverman, and when you are building these systems, complexity will always equal time.
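The enrolment and enforcement questions above can be written down as an explicit policy that the login path evaluates. The sketch below is an added example, not code from Okta or from the original article; the class names, the policy values and the `10.0.0.0/8` corporate range are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class MfaPolicy:
    # Enrolment: must a factor be set up during registration?
    enrol_at_registration: bool
    # Enforcement: "every_login" or "off_network" (hypothetical values)
    enforce: str
    # Constructed sample range standing in for the corporate network
    corporate_nets: tuple = ("10.0.0.0/8",)

@dataclass
class User:
    name: str
    factors: list = field(default_factory=list)  # e.g. ["totp"]

def on_corporate_network(source_ip, policy):
    """True if the source address falls inside a configured corporate range."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(net) for net in policy.corporate_nets)

def registration_allowed(user, policy):
    """Enrolment check: registration completes only if the policy is satisfied."""
    return bool(user.factors) or not policy.enrol_at_registration

def login_decision(user, source_ip, policy):
    """Enforcement check, run after the password has been verified.

    Returns "allow", "challenge" (ask for the second factor) or
    "enrol_required" (login is blocked until a factor is registered).
    """
    if policy.enforce == "every_login":
        needs_mfa = True
    elif policy.enforce == "off_network":
        needs_mfa = not on_corporate_network(source_ip, policy)
    else:
        # Fail closed on an unknown policy value instead of skipping MFA.
        raise ValueError(f"unknown enforcement mode: {policy.enforce!r}")
    if not needs_mfa:
        return "allow"
    # A user with no factor (never enrolled, or factors removed by an admin
    # after a lost phone) must not fall through to a password-only login.
    return "challenge" if user.factors else "enrol_required"
```

Even this two-setting policy produces a case that is easy to miss: a user without a registered factor who logs in where MFA is required has to be blocked or sent to enrolment, not let through on the password alone.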
Implementing two-factor authentication means you will need to give admins the extra understanding and ability to manage certain aspects of it. To illustrate, if one of your employees with 2FA loses their phone, the admin needs to act quickly to remove the registered factors. This takes extra care to perform in a secure way. To do it successfully, you have to contact the user and have them confirm by email or provide additional security information, such as the city where they were born or a childhood nickname.
In short, multi-factor authentication is an A-Okay strategy for securing businesses. But organisations, especially cybersecurity managers, must be aware of its obstacles. In a shared-use environment, mitigating the risk of pre-authorised cached access can create a threat vector, advised Tim Mackey, a security strategist at Synopsys. Thus, you should make sure that your MFA implementations go through a comprehensive threat assessment.