5 Best Practices for Implementing an Effective MFA Strategy
Bad password habits are extremely common. Unfortunately, they are often the cause of data breaches or cloud account takeovers. People have so many passwords to juggle that they often use weak passwords, store passwords using non-secure methods, and reuse the same password multiple times. 51% of people admit to using the same password for business and personal accounts. Even worse, 57% of people that were scammed in a phishing attack didn’t bother to change their password afterward. Those statistics are just two examples of why companies implement multi-factor authentication (MFA) to improve their IT security. By doing so, they can cut down on the possibility of data breaches.
Multi-factor authentication adds a further requirement when a user authenticates to a website or app. This is usually a code that is sent to the user’s device at the time of login.
Although MFA is 99.9% effective at blocking fraudulent sign-in attempts on cloud accounts, there are still many companies that don’t use it because employees push back. Staff may complain that it takes them longer to log in to their work apps with MFA enabled.
56% of people that use personal devices to access work-related items don’t use MFA.
If you’re facing employee resistance to implementing multi-factor authentication, the following tips can help you overcome resistance so you can keep your accounts more secure.
Deploy MFA For All Accounts
Employees can get confused when MFA is enabled on some accounts but not others. They may wonder why it must be used at all if it’s not used everywhere.
Companies should uniformly deploy MFA across all their websites and cloud account logins. This reduces the risk of a vulnerability in your cloud security and promotes consistency in the user experience.
Reduce Barriers With Contextual MFA Triggers
If someone is trying to log into your QuickBooks account from another country, it’s wise to have them answer additional security questions to ensure it’s not a hacker. However, if someone is inside your building and on your network when logging in, then you may not have to ask any additional questions to prove they’re a legitimate user.
Contextual MFA helps you better secure your organization without adding unnecessary inconvenience for your users.
Some of the contextual prompts for additional factors of authentication include:
- Geographical location
- IP address
- Device type
- Time of day
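One way to express such a contextual policy, as an added example that is not from the original article or any particular MFA product. The network range, country list, device types and working hours are constructed assumptions, and the country is assumed to come from a GeoIP lookup done before this check.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime

# Constructed policy values for illustration (assumptions, not from the article).
TRUSTED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]  # office network
EXPECTED_COUNTRIES = {"US"}
KNOWN_DEVICE_TYPES = {"managed-laptop", "managed-phone"}
WORK_HOURS = range(7, 19)  # 07:00-18:59, office local time

@dataclass
class LoginContext:
    ip: str
    country: str       # assumed to come from an upstream GeoIP lookup
    device_type: str
    when: datetime     # assumed already converted to office local time

def unusual_signals(ctx):
    """Return the contextual signals that fall outside the policy."""
    signals = []
    addr = ipaddress.ip_address(ctx.ip)  # raises ValueError on garbage input
    if not any(addr in net for net in TRUSTED_NETWORKS):
        signals.append("ip_outside_trusted_network")
    if ctx.country not in EXPECTED_COUNTRIES:
        signals.append("unexpected_country")
    if ctx.device_type not in KNOWN_DEVICE_TYPES:
        signals.append("unknown_device_type")
    if ctx.when.hour not in WORK_HOURS:
        signals.append("outside_work_hours")
    return signals

def needs_extra_factor(ctx):
    """Return (prompt, reasons); prompt is True when any signal is unusual."""
    try:
        reasons = unusual_signals(ctx)
    except ValueError:
        reasons = ["unparseable_ip"]  # fail closed: unusable context means prompt
    return bool(reasons), reasons

# Constructed sample logins.
SAMPLES = {
    "office": LoginContext("10.20.5.9", "US", "managed-laptop", datetime(2024, 3, 4, 10, 0)),
    "abroad": LoginContext("203.0.113.7", "FR", "managed-laptop", datetime(2024, 3, 4, 10, 0)),
    "late": LoginContext("10.20.5.9", "US", "managed-laptop", datetime(2024, 3, 4, 23, 30)),
    "bad_ip": LoginContext("not-an-ip", "US", "managed-laptop", datetime(2024, 3, 4, 10, 0)),
}

if __name__ == "__main__":
    for name, ctx in SAMPLES.items():
        print(name, needs_extra_factor(ctx))
```

Returning the reasons alongside the decision lets the sign-in log record why a user was prompted, which helps when tuning the policy.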
Don’t Use a “One Size Fits All” Approach
The goal is to implement MFA across all logins in a uniform fashion. That doesn’t mean you can’t also give your users some flexibility! For example, there are different types of MFA they can use.
These include getting a code via text message, getting the code through an MFA app, or using a security key that inserts into a device. You can also offer biometrics like a fingerprint scan rather than a code.
Giving your employees options can give them a feeling of ownership, because they have a choice.
Use MFA With a Single Sign-On (SSO) Application
The biggest reason that people find MFA inconvenient is that it slows them down when they log into multiple accounts per day. Those few extra seconds can add up.
However, if you introduce MFA with a single sign-on (SSO) application, you’ll actually be able to save your employees time.
An SSO application connects to your various accounts and can act as a “one-time login” mechanism that automatically logs authorized users into all those connected accounts. So, with SSO, employees only need to enter their username, password, and the MFA code one time to be logged into everything.
This improves user experience and makes MFA an attractive addition, rather than an inconvenience.
Guide People in MFA Adoption, Rather Than Drop It If There’s Pushback
It’s natural for people to be resistant to any type of change in their work habits. This is why there’s an entire field out there called Change Management, which helps guide companies and the people that work for them through any type of change or transition.
When you implement MFA, you may get some initial pushback from employees. Don’t drop it entirely! Instead, take the time to explain the benefits of MFA and get input into what could make the adjustment easier. If you make your team part of the solution, rather than just telling them what to do, you have a better chance of successful MFA adoption and the significant security improvement that comes along with it.
Get Help Implementing Productive MFA Solutions
Don’t leave your accounts open to cloud jacking. Copperband Technologies can help your southern Kentucky or Middle Tennessee business implement authentication like MFA and SSO to improve your security posture.
Contact us today to schedule a consultation! Call 931.263.8000 or email us.