The Top Multi-Factor Authentication Myths and Misconceptions You Need to Know About


You’ve heard of multi-factor authentication, but you haven’t started using it across your organization yet. If you’re skeptical or worried about adopting multi-factor authentication (MFA) at your company, you might have out-of-date information about what it involves. Or, you might believe one of these myths and misconceptions. Let’s set the record straight right now.

Myth: Multi-Factor Authentication Is More Trouble Than It’s Worth

In the early days of multi-factor authentication, getting it to work took a fair amount of effort. Here’s what it involved at one large bank: users had to request a special “authentication key.” Next, users had to log in using a special URL. After that, there were multiple login screens that had to be completed, and the entire process was only compatible with certain web browsers.

If that was your experience, you might feel that multi-factor authentication was far too much trouble. Fortunately, new technology such as FIDO2 and Avatier’s identity and access management solutions have changed the game. You no longer require complicated software and hardware to use MFA.

Verdict: You can make multi-factor authentication easy for your users.

Misconception: Multi-Factor Authentication Kills Productivity

To address this misconception, we need to take a step back for a moment. From one point of view, there’s a productivity loss from using multi-factor authentication. Yes, we admit that! However, if you take a longer-term perspective, you’ll see that multi-factor authentication has significant benefits. Let’s break down the details.

When you change a process, habit, or technology, it’s natural to see a productivity loss in the short term. It takes some time for people to learn how to use the new method. Multi-factor authentication is no different. When you first implement the technology, your staff will need some training and support to learn how to use it. However, many of your employees are probably already familiar with MFA because many other companies, including Facebook, Amazon, and banks, have implemented it for their customers.

Once your employees become familiar with multi-factor authentication and start using it, your company will ultimately become more secure. As a result, you’ll avoid the cost of managing help desk tickets for password issues and reduce the chance of a security incident crippling your organization.

Verdict: This misconception doesn’t hold up in the long term.

Myth: Multi-Factor Authentication Requires Complicated Hardware

This myth is sometimes true. For instance, one government agency uses a card-based multi-factor authentication approach. To log in, employees must insert a specific card into their work laptop and then enter password credentials. Relying upon a specific piece of hardware such as a hard drive or token does have security benefits. However, these benefits come at a steep cost of decreased convenience.

For 90% of your employees, requiring specialized hardware to log in and get work done isn’t necessary. Instead, we recommend that you focus on making multi-factor authentication easy and leverage the technology your employees already have. Avatier supports FIDO2 so that your employees can use their smartphones for multi-factor authentication. That means you don’t have to buy or configure additional hardware.

Verdict: Years ago, this myth had some validity to it. With today’s software, this myth no longer holds true.

Myth: Executives Are too Busy to Use Multi-Factor Authentication

Asking your executives to learn how to use new technology at work can be a tough ask. Imagine asking the VP of Sales to take time away from meeting with customers to learn about a new cybersecurity process. That could be quite the tough sell. However, you can win executive buy-in for multi-factor authentication. You simply need to translate its benefits into terms they can understand. Put it this way: what’s the cost to your executives of failing to protect the organization with multi-factor authentication?

Let’s consider the daily challenges that executives have to take on. They have extraordinary authority, goals, and demands on their time at work. To deliver on that work, most organizations give executives access to substantial budgets and the authority to sign contracts and make other changes. Now, imagine a hacker or discontented employee had an executive’s access credentials for just a few hours. In that time, a determined wrongdoer could cause losses and chaos.

To reduce the likelihood of that happening to you, you may want to implement more powerful multi-factor authentication. In particular, look at using biometric authentication (e.g., fingerprint authentication) or using a hardware device. Avatier now provides support for YubiKey so that you can protect executives and other users with specialized access credentials.

Verdict: This myth isn’t valid! If you make the business case clear to executives and make it easy for them to use, they’ll adopt it.

Misconception: Multi-Factor Authentication Will Solve My Security Problems

In business, the most alarming number is “one.” If your business relies too much upon a single customer, system, or security process, you’re going to be vulnerable to disruption. When it comes to cybersecurity, you can’t rely solely upon multi-factor authentication to keep your organization safe. You need to bring in other practices and technologies to build out a full program. For example, you need to offer IT security training to employees covering topics such as password best practices. Further, you also need to design a process that identifies all corporate assets so that you can ensure your organization is protected.

Verdict: This misconception confuses the true value of multi-factor authentication. It’s a powerful tool in your IT security program, but it’s not enough on its own.

Now That You Know the Truth about Multi-Factor Authentication

Your next step is simple. If you don’t have multi-factor authentication in place, start a project to investigate implementing it. If you do have multi-factor authentication in place, assess how broadly used it is. An MFA program that few people use doesn’t provide meaningful protection.

Written by Nelson Cicchitto