January 27, 2020

More Than MFA

Hollywood seems to thrive on sequels. Just when you think the original was perfect, they bring out a second version to capitalize on the revenue opportunity (and in theory continue the story in an improved fashion). The same holds true in the software and SaaS world, where new versions add features that previous versions missed or that hadn’t even been thought of yet. Every now and then there comes a time when a new idea supersedes the old norm, as with Uber or AirBnB. In Identity Access Management, that time is now as it relates to Multi-Factor Authentication (MFA).

Multi-Factor Authentication Today

According to Wikipedia:

“Multi-factor authentication (MFA) is a method of confirming a user's claimed identity in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).”

Typically, it involves two “pieces of evidence,” a subset of MFA called two-factor authentication. The evidence could be:

  • Something that you know: e.g. password, PIN, pattern
  • Something only you have: e.g. smart card, mobile phone
  • Something inherent to you: e.g. biometric data such as fingerprint, face or voice
  • Some unique, contextual data associated with you: e.g. location, known device token

Unfortunately, these solutions impose significant friction through a variety of temporal (e.g., OTP, captchas, reset links) and binary (e.g., fingerprint) controls that have all still proven ineffective safeguards against credential stuffing and identity spoofing. So, now is the time to revisit how we evaluate identity authentication solutions in order to impose a higher standard for selection.

What's More Than MFA?

As you can see from all of the headlines, even with MFA many companies are being breached. You need more than just adding drag to the authentication process. Eliminating the complexity and overhead (read: drag) while improving security and the user experience is the prime directive for what’s more than MFA. In order to be truly secure as well as competitive, you should extend your MFA evaluation criteria to include the abilities to:

  • Enable Frictionless Productivity: facilitate an incredible frictionless user experience with minimal need for typing PINs, accepting push messages, scanning QR codes and other types of intelligent MFA pre- and post-authentication, whether for web, mobile, cloud or IoT.
  • Orchestrate Dynamic Authentication: monitor user context based on simple yet effective configurable policies that drive dynamic risk-based scoring of authentication requirements, which, in turn, adapt to user behavior, attributes and the ecosystem of associated devices and resources cognitively and continuously.
  • Dramatically Reduce Cost of Operations: eliminate the need for passwords, thereby eliminating the need for password resets, which are a costly, time-consuming and unproductive activity for IT, the enterprise and the end consumer. Avoid productivity loss and significantly reduce helpdesk operational costs. The bottom line is that you should never have any passwords required, ever.
  • Prevent Credential Stuffing Instantly: prevent credential stuffing the instant an attempt is made using compromised/stolen usernames and passwords by virtue of an evasion-proof design. Drastically reduce the threat surface for ATO breach using cognitive MFA.
  • Correlate Audit Logs and Threat Intelligence in Real Time: provide detailed telemetry on contextual user behavior and tamperproof audit logs for every authentication attempt, pre- and post-login, in real time. Detect, analyze and respond to incidents and threat actors instantaneously without the latency or guesswork to substantially reduce the risk of fraud at first attempt.
  • Customize, Integrate And Scale Efficiently: provide out-of-the-box intelligent MFA for Citrix NetScaler/Workspaces, Cisco VPN, HID and Microsoft Hello, in addition to flexible SDKs for web, mobile, FIDO 2.0, DBFP and REST APIs for scale, extensibility, and visibility into the IT ecosystem today. 

MFA Goes Behavioral

So, the bottom line is that something new can supersede classic MFA to create a more immutable identity authentication solution that actually decreases the drag typically imposed on the user.

Acceptto is a transformative behavioral AIML authentication technology that satisfies your MFA requirements and so much more. It delivers you continuous identity protection and peace of mind in an age where passwords are ineffective and identity authentication is mission critical. Acceptto is built on the premise that your credentials today, and those that you’ve yet to create, have already been compromised. Your identity cannot simply be based on a password or a one-time token or only your biometrics. Your immutable identity is a combination of your physical behaviors, attributes and Digital DNA.

We call it Continuous Behavioral Authentication. You can be assured that those authenticating into your systems are actually who they are supposed to be with our behavioral AIML technology that enables frictionless authentication, prevents credential stuffing instantaneously, ensures your true immutable identity continuously, and dramatically reduces risk, likelihood of fraud and cost of helpdesk operations without the guesswork or latency.

See for yourself what Acceptto can do to ensure your employees, partners and customers can authenticate without passwords and still ensure security and privacy. Register for a free demo today.
