By Natalie Bluhm Posted September 10, 2017
Multi-factor authentication (MFA), often referred to as two-factor authentication (2FA), is one of the most critical steps that an organization can take to protect their identities, and hosted MFA solutions are simplifying IT’s ability to implement MFA in their environments.
In order to understand why MFA has such a significant impact on security, let’s take a look at why single factor authentication is no longer a sufficient security measure.
Single-Factor Authentication is No Longer Secure on its Own
Single-factor authentication has typically taken the form of a username and password, and this method of authentication used to be pretty solid. In the past, users were able to login to their system and gain access to their productivity tools, network, files, and data. The key here is that users were able to get by with accessing their resources with one set of credentials. That matters because it made it simple and convenient for users to comply with company password complexity requirements because they only needed to remember one password, instead of ten for a whole host of resources.
Today, authenticating to resources with just a username and password is no longer sufficient. Sites are frequently being hacked and having their passwords leaked. Also, computing power has increased dramatically, so passwords and hashes can be cracked if they aren’t strong enough. Even if a hacker doesn’t have a powerful computer, the advent of social media has made it too easy to find the right kind of information needed to crack a password.
On top of that, Web-based applications have flooded organizations with new resources that IT has struggled to properly integrate into their environment. This has led to users creating multiple identities for their vast number of resources. Best security practices dictate each identity should have it’s own separate password, but users have gained a reputation for taking more convenient and less secure routes when it comes to their passwords. If you want to be assured of the security of your resources, single-factor authentication is simply not enough.
MFA – It’s All about What You Have
Two-factor authentication can greatly step up security. MFA requires a user to login to their resources with something they know (username and password) and something they have (typically a passcode generated by an app on their phone such as Google Authenticator or a hardware authentication device like a YubiKey). When MFA is in use and a password is cracked, the hacker would not be able to access that resource without also having your phone or hardware authentication device. This is why MFA solutions can be such a powerful security tool.
Most MFA solutions have been on-prem, enterprise systems. These solutions have often had to connect to the on-prem identity provider, Microsoft Active Directory®, so, this level of security for the longest time was only available to enterprises.
Hosted MFA – A Solution for the Big and Small
A new generation of hosted MFA solutions is emerging. In fact, MFA solutions are now not just a stand alone category that require you to buy yet another identity management solution. MFA is being added to the core identity provider. This makes it possible for our hosted MFA solution to enable system-level MFA for Mac and Linux systems, and for applications with MFA access at the portal level when combined with web application single sign-on.
Now with hosted MFA that is integrated into the core, cloud directory service, organizations of all sizes can benefit. Directory-as-a-Service® is key for executing greater identity security. In addition to MFA, your organization can also benefit from identity security features such as password complexity management, event logging API’s, centralized user management, GPO-like policies, and SSO.
If you would like to learn more about increasing identity security within your environment, drop us a note. You are also more than welcome to start testing our hosted MFA and additional IAM security features for yourself by signing up for a free IDaaS account. Your first ten users are free forever.