Do You Need to Add a Business-Grade MFA to Your Portfolio?


When MSPs depend solely upon two-factor authentication to verify identity, future challenges will be tough to combat. WatchGuard Technologies offers four qualities to look for in your MFA.

“More than 2 million malware programs are created per week specifically designed to disrupt or penetrate digital systems,” according to Newstrail. Two-factor authentication will not be enough to combat these attacks. If that’s all you have for your business authentication, then it’s time to add security measures. The best ways to actively combat cyberattacks are to use a multi-factor authentication (MFA) solution, build stronger passwords, keep your software up to date, and use a VPN. When these are in place and regularly updated, you have built a strong first line of protection for you and your business.

Author: Diana Harter, WatchGuard Technologies

When was the last time you took a good look at your MFA solution? It is easy to trust the big brand solutions that are uploaded in your system, even automatically. But oftentimes, these MFAs do not integrate with other systems, so they are only protecting certain elements of your business, not all. Additionally, these solutions are using old technology to generate one-time passwords (OTPs) and storing them for months until you manually change them.

Future Challenges for MSPs to Tackle with Authentication

As MSPs, you are the first responders to cyberattacks on your customers. So, it’s imperative for you to be aware of the future cybersecurity challenges to prepare your team and have processes to proactively hunt threats and respond to attacks. Authentication is the first line of defense to protect identities and to have visibility when unauthorized users are trying to interfere.

Password-less Authentication Will Evolve, Yet It’ll Take Time for People to Adopt: Today, password-less authentication is in its early stage. And we know it will continue to evolve and expand as new issues arise and innovations emerge to increase security and user experience. USB hardware tokens for password-less authentication are already on the market. Mobile authentication via push notifications is still the best balance of user experience and security. But it will continue to be a challenge to get your users to authenticate properly. After all, your users still struggle with creating and updating strong passwords.

Biometric Authentication Will Produce New Frontiers: Biometric authentication is currently used by most users via mobile and/or laptop. And it’s likely this type of authentication will continue to expand across other networks as more industries adopt this type of authentication to access identity-sensitive information. The key will remain to keep all information encrypted and secure. It’s likely that stricter privacy laws will continue and those must be aligned with business agreements. Therefore, it’s important to keep in compliance with these laws as authentication requirements expand.

IoT Cybersecurity Will Increase: Internet of Things (IoT) is currently a weak link in cybersecurity. Last year in a six-month period, there were 1.5B cyberattacks via IoT alone. In the next few years, cybersecurity will increase for IoT and MFA is likely to be the best way to authenticate on these devices. As more IoT is adopted by users, it’s vital that these devices are protected too.

Four Qualities to Evaluate Business-Grade MFA

As you evaluate your current MFA and other options, it’s important to consider four key qualities. These qualities will help you see just where your MFA is strong and where it is lacking. It’s up to you to consider how you’ll weigh its value as you think of current and future needs of your business and customers.

1. Authentication Methods: With a variety of authentication methods available, it’s best to review how the MFA you’re evaluating compares with the most secure types of authenticators. Three authenticators set business-grade apart from the other options. First, a time-based one-time password (TOTP) that actively changes and expires single-use passwords in 30 seconds is a must for MSPs. TOTP is more secure and makes accounts much more difficult to infiltrate. Second is risk-based authentication (RBA), which is an adaptive security measure for dynamic system behavior, evaluating user and device risk. Using geolocation to mitigate these risks is a necessary security tactic for MSPs assisting global enterprises. Finally, mobile DNA ensures only the authorized user can access online accounts and assets from their unique mobile device. This prevents hackers from posing as users.

2. Provisioning and User Experience: Users will be more likely to adopt authentication if it’s convenient for them, so consider their experience as you evaluate MFA. Additionally, token provisioning enables a mobile device to process token transactions. And while most, if not all, vendors will offer token provisioning, a business-grade MFA stands out by providing automated emails with instructions, a QR code, and a prompt for token activation.

3. Deployment Efficacy: Users need and want an intuitive design that reliably works as it’s meant to. When testing out an MFA solution, be sure you test how quick it is to set up, especially with a first-time user. Next, check that it integrates nicely with all support applications you need. If the deployment is simple and painless, it builds trust with the user.

4. Total Cost of Ownership: Time is money, especially for MSPs. Finding the types of support you need from your MFA vendor in a quick, self-serve manner is key. Additionally, measure the quality of experience compared to the sum of costs per device. To calculate TCO, be sure to include the cost of training, upgrades, support, licensing, and legalities.

Time to Consider MFA Options

Look outside the well-known brands for MFA solutions. On closer investigation, you’ll find that many of these known brands are using old technology to generate OTPs, which is a huge security issue. They also tend to charge extra for risk-based authentication, which is essential for zero-trust. As you review business-grade MFA options, consider other MFA solutions that secure and integrate with other solutions your business uses.

Author Diana Harter is audience marketing manager at WatchGuard Technologies. Regularly contributed guest blogs are part of ChannelE2E’s sponsorship program.