The #1 IT Security Capability – Multi-Factor Authentication

By Greg Keller Posted May 24, 2017


Multi-factor authentication (AKA two-factor authentication) is the number one IT security capability that an organization can implement.

That’s a pretty bold statement.

There’s room for argument. But there’s no argument that MFA is a significant step-up in security for any organization. Yes, you could make a case that your firewall, anti-virus, or user management system is the number one security capability. It’s true that you need some of those before you can even get to MFA, but nobody can fairly debate the effectiveness of MFA.

Single Passwords, Double Trouble

In the past, user accounts could be protected with passwords alone. Hackers simply didn’t focus on breaking into user accounts as much back then. Over time, we learned the benefits of having longer and more complex passwords.

Most users realized that their spouse’s name as a password would be easily hacked.

With the advent of better passwords, we also started to see an explosion of online accounts. Every user now has many personal and professional accounts. Remembering all of these passwords started to become impossible. Consequently, we saw users slipping back to using a single password for many of their accounts.

This raised the risk to organizations worldwide. A compromised site that your employee used in their personal life could now impact your business.

Exponentially Grow IT Security With Multi-Factor Authentication

User accounts were now a liability for IT organizations. Of course, users could not do any work without online accounts such as Google Apps or Office 365. A user’s password to these critical services was something that they knew. For example, it may be a word, phrase, sentence, or even nonsensical grouping of characters. Unfortunately, those passwords could be hacked any number of ways. As a result, many organizations started to implement another ‘factor’ that needed to be added to the login process.

Now, a user not only needed to know their password, but they also needed to provide a token that was generated from something that they had. These tokens are often generated by a smartphone application such as Google Authenticator. This code is then entered upon login in conjunction with the password. A hacker now needed to have the user’s password and smartphone. The chances of that happening were remote at best and as a result, the user account became much more secure.

IT Security Capability for Systems and Applications

We’re going to go out on a limb and say this: if an account has multi-factor enabled for user accounts, it is virtually unhackable. In our opinion, MFA/2FA is one of the strongest security measures that an organization can take to protect itself. There are two general methods that IT organizations use to implement MFA. One is at the system level and the other at the application level.

System-level MFA is enforced when you log into your device. A user’s device is their conduit to the network and applications. With MFA set up at that central control point, nobody can get into the system, which holds data and access to a wide variety of IT systems, without the second factor.

Application-level MFA controls access at the application point of entry. In order for this method to work, every application would need to have MFA implemented, or it would need to be implemented at the central application entry point. Generally, this means a user console inside of a single sign-on application.

One Solution, MFA Two Ways

Both system-level MFA and application-level MFA have pros and cons. JumpCloud’s Directory-as-a-Service® gives you the best of both worlds by implementing system-level MFA for Mac and Linux devices. The JumpCloud® Identity-as-a-Service platform controls access to the user console for SSO via MFA as well. That way, you can implement both levels of multi-factor with one core identity management solution.

Try JumpCloud’s System-Level MFA And Application-Level MFA

If you would like to learn more about how JumpCloud’s Directory-as-a-Service platform supports multi-factor authentication, the number one security capability that you can implement on your network, drop us a note. We’d be happy to talk to you about it and why it is so critical to your IT security. You are invited to try our system-level or application-level MFA capabilities. Your first 10 users are free forever.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.
