December 17, 2018

Evaluating Multi-factor Authentication Solutions Today

“Complicated” doesn’t equate to “better” (or even “more secure”) when it comes to cyber security and Identity Access Management strategies. Unfortunately, it seems that the opposite is true when it identity authentication. As soon as everyone realized that passwords are mostly ineffective as a means of secure authentication, the run to creating more controls started. This spawned the multi-factor authentication industry but also increased the drag on corporate productivity. So at what cost has this added complication brought and did it deliver on the promise of more security?

Multi-Factor Authentication Today

According to Wikipedia:

“Multi-factor authentication (MFA) is a method of confirming a user's claimed identity in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).”

Typically, it involves two “pieces of evidence” which is a subset of MFA called Two-factor Authentication which could be:

  • Something that you know: e.g. password, PIN, pattern
  • Something only you have: e.g. smart card, mobile phone
  • Something inherent to you: e.g. biometric data such as fingerprint, face or voice
  • Some unique, contextual data associated with you: e.g. location, known device token

Unfortunately, these solutions impose significant friction through a variety of temporal (e.g., OTP, captchas, reset links) and binary (e.g., fingerprint) controls that have all still proven ineffective safeguards against credential stuffing and identity spoofing. So, now is the time to revisit how we evaluate identity authentication solutions in order to impose a higher standard for selection.

Multi-Factor Authentication Revisited

Eliminating the complexity and overhead (read drag) while improving security and the user experience is the prime directive for a new set of selection criteria. In order to be truly secure as well as competitive you should extend your MFA evaluation criteria to include the abilities to:

  • Enable Frictionless Productivity: facilitate an incredible frictionless user experience with minimal need for typing pins, accepting push messages, scanning QR codes and other types of intelligent MFA pre-and post-authentication whether for web, mobile, cloud or IoT.
  • Orchestrate Dynamic Authentication: monitor user context based on simple yet effective configurable policies that drive dynamic risk-based scoring of authentication requirements, which, in turn, adapt to user behavior, attributes and the ecosystem of associated devices and resources cognitively and continuously.
  • Dramatically Reduce Cost of Operations: eliminate the need for passwords thereby eliminating the need for password resets, which are costly, time-consuming and an unproductive activity for IT, the enterprise and the end consumer. Avoid productivity loss and significantly reduce helpdesk operational costs. Bottomline is that you should never have any passwords required, ever.
  • Prevent Credential Stuffing Instantly: prevents stolen credential stuffing the instant an attempt is made using compromised/stolen usernames and passwords by virtue of its evasion-proof design. Drastically reduce the threat surface for ATO breach using cognitive MFA.
  • Correlate Audit Logs and Threat Intelligence In Realtime: provide detailed telemetry on contextual user behavior and tamperproof audit logs for every authentication attempt, pre- and post-login, in real-time. Detect, analyze and respond to incidents and threat actors instantaneously without the latency or guesswork to substantially reduce the risk of fraud at first attempt.
  • Customize, Integrate And Scale Efficiently: provide out-of-the-box intelligent MFA for Citrix NetScaler/Workspaces, Cisco VPN, HID and Microsoft Hello, in addition to flexible SDKs for web, mobile, FIDO 2.0, DBFP and REST APIs for scale, extensibility, and visibility into the IT ecosystem today.

Biobehavioral Comes Of Age

Acceptto is a transformative Biobehavioral AIML authentication technology delivering you continuous identity protection and peace of mind in an age where passwords are ineffective and identity authentication is mission critical. Acceptto is built on the premise that your credentials today, and those that you’ve yet to create, have already been compromised. Your identity cannot simply be based on a password or a one-time token or only your biometrics. Your immutable identity is a combination of your physical behaviors, attributes and Digital DNA. We call it Cognitive Authentication. You can eliminate preventable harm with our Biobehavioral AIML technology that enables frictionless authentication, prevents credentials stuffing instantaneously, ensures your true immutable identity continuously, and dramatically reduces risk, likelihood of fraud and cost of helpdesk operations without the guesswork or latency.

See for yourself what Acceptto can do to ensure your employees, partners and customers can authenticate without passwords and still ensure security and privacy. Register for a free trial today.