Challenges in Implementing Multi-Factor Authentication

Enterprise Security Magazine | Monday, September 27, 2021

Deploying multi-factor authentication across an organization’s assets is one of the most effective means to prevent unauthorized access to sensitive data.

FREMONT, CA: A door without a lock offers no layer of security against an opportunistic thief. If the door is locked, there is at least one layer. Now imagine that the door also has a thumbprint reader that must be used together with the key to unlock it; now there are multiple layers. A skilled thief could still conceivably get in, but it would take more time, and they would likely move on to an easier target. Multi-factor authentication has emerged as one of the most effective controls for insulating an enterprise against remote attacks. Deployed correctly, it prevents most threat actors from gaining an initial foothold in the organization even when passwords have been compromised. But MFA is not a silver bullet; keep the following challenges in mind when building a multi-factor authentication program.

Even for organizations that know better, MFA can be one challenge too many. That is because in most MFA deployments passwords remain essential, so in addition to managing a password, users now have to manage a second factor as well. Because different applications and systems may require different MFA methods, users end up juggling authenticators just as they juggle passwords. And as organizations work to strengthen security through MFA, criminals are just as busy building new tools to defeat it.

SIM stands for subscriber identity module. It is a small card containing a chip that mobile providers use to identify each subscriber individually and to authenticate that subscriber's phone to the carrier's network; it identifies the subscriber, not the handset. Most providers also offer a service known as a SIM swap, which transfers a mobile account from one SIM card to another. This is convenient when a user has lost the phone or damaged the SIM card, but it is also the weak point of SMS-based one-time codes: an attacker who convinces the carrier to move the victim's number onto a SIM they control receives every code sent to that number, so factors tied to a phone number should be treated as the weakest form of MFA.

Once criminals get into one account, they can often get into several others owned by the same user. The first account may fall through no fault of the user, such as a password exposed in a third-party breach, or because of poor password hygiene such as reusing the same password across sites. MFA can even cement a threat actor's hold on an account: an attacker who already controls an account can enroll their own second factor on it, and if a SIM swap has moved the victim's number to the attacker's device, the one-time codes for any factor tied to that number go to the attacker, reinforcing their ownership rather than the legitimate user's.
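The takeover pattern just described, an attacker who already holds a password enrolling their own factor, leaves a trace worth alerting on: a new MFA factor registered shortly after a login from a source the user has never used before. The following detection is an added example and not code from the original article. It runs that check over a few constructed authentication events; the log field names (`ts`, `user`, `event`, `ip`, `factor`) and the event names `login_success` and `mfa_factor_enrolled` are assumptions, not taken from any particular identity provider.

```python
"""Flag MFA factor enrollments that closely follow a login from a never-before-seen IP.

Added example. The event schema below is assumed; adapt the field and event
names to whatever your identity provider actually emits.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in ISO-8601 UTC. Field names are assumptions.
SAMPLE_EVENTS = [
    {"ts": "2021-09-20T08:00:00Z", "user": "alice", "event": "login_success", "ip": "203.0.113.10"},
    {"ts": "2021-09-21T08:05:00Z", "user": "alice", "event": "login_success", "ip": "203.0.113.10"},
    # bob: first login ever, then a factor added a day later. Benign, and also
    # outside the window, so it must not be flagged.
    {"ts": "2021-09-22T09:00:00Z", "user": "bob", "event": "login_success", "ip": "198.51.100.7"},
    {"ts": "2021-09-23T09:10:00Z", "user": "bob", "event": "mfa_factor_enrolled", "ip": "198.51.100.7", "factor": "totp"},
    # alice: her password (leaked elsewhere) is used from an address she has never
    # logged in from, and an SMS factor is enrolled four minutes later. This is
    # the attacker-enrolls-their-own-factor pattern described in the article.
    {"ts": "2021-09-24T02:00:00Z", "user": "alice", "event": "login_success", "ip": "192.0.2.55"},
    {"ts": "2021-09-24T02:04:00Z", "user": "alice", "event": "mfa_factor_enrolled", "ip": "192.0.2.55", "factor": "sms"},
]


def parse_ts(s):
    """Parse the constructed 'YYYY-MM-DDTHH:MM:SSZ' timestamp format."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def find_suspicious_enrollments(events, window_minutes=30):
    """Return a list of (user, enrollment_ts, ip, factor) tuples.

    A finding is an 'mfa_factor_enrolled' event that occurs within
    `window_minutes` after a 'login_success' from an IP the user had never
    logged in from before. To avoid firing on every brand-new user (cold
    start), the login only counts as 'new IP' if the user already had at
    least one earlier successful login from some other address.
    Events are processed in timestamp order so 'previously seen' means seen
    strictly before the login being evaluated.
    """
    window = timedelta(minutes=window_minutes)
    seen_ips = defaultdict(set)     # user -> IPs with an earlier successful login
    last_new_ip_login = {}          # user -> (datetime, ip) of latest login from an unseen IP
    findings = []

    for ev in sorted(events, key=lambda e: parse_ts(e["ts"])):
        ts, user, ip = parse_ts(ev["ts"]), ev["user"], ev["ip"]
        if ev["event"] == "login_success":
            if seen_ips[user] and ip not in seen_ips[user]:
                last_new_ip_login[user] = (ts, ip)
            seen_ips[user].add(ip)
        elif ev["event"] == "mfa_factor_enrolled":
            recent = last_new_ip_login.get(user)
            if recent is not None and ts - recent[0] <= window:
                findings.append((user, ev["ts"], ip, ev.get("factor", "unknown")))
    return findings


if __name__ == "__main__":
    for user, ts, ip, factor in find_suspicious_enrollments(SAMPLE_EVENTS):
        print(f"ALERT {ts} user={user} enrolled factor={factor} from new ip={ip}")
```

A hit is a prompt to verify with the user out of band, not proof of compromise. The corresponding preventive control is to require re-authentication with an already-enrolled factor before a new one can be added, and to notify the user on every channel when a factor changes, so that the attacker's enrollment is visible to the account's real owner.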
