How to overcome MFA deployment challenges

in an office: a man in front of a laptop looking at his smartphone

MFA is far superior to password-only protection when it comes to account security. The reason is pretty simple:

If you are trying to gain access to an account illegally, it’s much more difficult if you need to penetrate multiple layers of security.

Got their password? You still need their fingerprint. Got their company phone? You still don’t have their PIN code.

This is why so many businesses have switched over to MFA in recent years. But making that switch can be easier said than done…

Which is why we’ve brought together these key tips for overcoming challenges in your own MFA deployment.

What is MFA?

MFA stands for Multi-Factor Authentication. In this case, a “factor” refers to a layer of security. It could be:

  1. Information – such as your password or PIN
  2. Item – such as your smartphone, a card or some other physical object
  3. Inherent – something which is part of you, like a fingerprint

The goal is to ensure that no one can access an account without passing at least two layers of security.

How to overcome the key MFA deployment challenges

Get everyone on board

One of the main obstacles to successful MFA deployment can be the very people your new layered security is designed to protect.

Some people don’t like change. Especially if that change feels as if it is imposed on them. Or if it might make their life even slightly more difficult.

That’s why, when you’re implementing new security measures, it’s always a good idea to explain to your team or user base:

  • What changes are going to be happening (so they know what to expect)
  • Why these changes are needed (so they understand why their effort is necessary)
  • How the changes will work (with an emphasis on how easy and straightforward it is)

You might consider creating a short explanatory video which guides your users in how to adopt the new measures. If you do, strive for clarity and simplicity above all else.

Don’t do it all at once

If you have a system of any real size, implementing full MFA is rarely as simple as flipping a switch.

It’s usually smart to do things in stages. You can start by conducting a full review of all the applications and systems you have in place to identify the best places to begin. These might be:

  • The applications at greatest risk
  • The users at greatest risk

Make it easy for your users

Having MFA in place will dramatically increase the protections around your sensitive data and critical systems. But it’s vital that your new protections don’t make it difficult for your team to do their jobs.

If they are trying to work while being bombarded by authentication requests, they are soon going to start complaining about the system. Or worse, be tempted to try to find some way to get around it.

Single-Sign-On (SSO) is often the best way to overcome this issue. SSO allows users to authenticate themselves once on individual devices, your network or web browsers, for example. It allows security levels to stay high while inconvenience to users is minimised.

Give users the choice of factors

Offering your users a choice of the factors they will use to authenticate themselves can help get people on board with the new measures.

Some of the more familiar options tend to include:

  • SMS – in the past, sending authentication codes by SMS was pretty much the standard. Many organisations still do this. However, the threat of individual devices being compromised by malware is a growing concern with this kind of authentication. 
  • Smartphone app – this is the method preferred by many modern organisations. The only major concern is device compatibility. Not everyone has access to the latest iPhone, nor should they be required to.

Remember the human factor

The human factor will often be the security flaw which someone who wants to gain illegal access to a system tries to exploit.

Support your MFA roll out and minimise the risk of the human factor by:

  1. Teaching your team – about how to recognize dangerous emails, how to protect their mobile accounts with PINs and other related topics.
  2. Monitoring passwords – a process for the ongoing monitoring of things like multiple failed logins and exposed passwords should be part of your MFA deployment.
  3. Using good email practice – phishing emails often include a link to click. Make sure your own emails instruct users rather than providing links. This prevents users from becoming acclimatised to this practice. There are also a number of other cyber security threats to be aware of.
  4. Using location as security – location-based controls make sure all authentication factors come from the same IP address.

Provide support

Failing to provide support for users is the way many MFA roll-outs fail.

You might have produced the clearest, most engaging educational video for your users. But even smart, well-educated users can make mistakes. Sign-ins can go wrong. Accounts can get locked out. Phones can get lost. Employees can leave the company (in all of these cases you should speak to your IT team).

Make sure there is a process in place to handle things which go wrong right from the start. 

Get started with Multi-Factor Authentication

The challenges involved in MFA deployment lead many organisations to tread water rather than get things done.

But the protection Multi-Factor Authentication offers is a powerful motivator to progress. After all, you can’t put a price on your company’s information security.

By knowing what MFA is, by learning how to bring your users with you when you roll it out and by taking sensible steps like providing support when you do, you will be much more likely to overcome any challenges which appear along the way.

Are you about to set up your own MFA?

Let’s chat. Dial a Geek already helps Bristol-based businesses in every industry protect themselves in all things cyber.

You can reach us on 0117 369 4335 or by emailing [email protected].

If you’d like to receive the latest security updates, downloadable guides, educational videos and other materials from us, sign up to our newsletter HERE.