Multifactor Authentication Challenges
by Paul Lanzi, on Dec 03, 2015
It’s not often that Amazon is late to any game. Although Amazon is consistently cited as the leader – quite often defining the cutting edge – of supply chain and delivery logistics, e-reading technology, DRM-free digital music distribution and countless other technologies, there is one crucial technology that it was late to adopt: multi-factor authentication. You’ve been able to protect your Google Account with MFA since February 2011 (Enterprise customers got the feature in September 2010 – more than 5 years ago!). Apple launched the feature in March 2013, not long after Mat Honan, Senior Staff Writer for WIRED, experienced an “epic hack” that disabled his computer and mobile device hardware, and compromised his Google, Twitter, Amazon and Apple accounts in a matter of a few minutes. A key part of that attack chain? Amazon. Just a few weeks ago, in November 2015, Amazon finally announced the availability of two-factor authentication to protect your Amazon account.
Why did it take Amazon 5 years longer than Google to enable multi-factor authentication? Why do dozens of other cloud services still not offer it? Most critically, why do 32.4% of Enterprise survey respondents say that <10% of their user population is using any kind of multi-factor authentication?
There are three main reasons why the adoption of multi-factor authentication has been so slow – in both the consumer and Enterprise spaces. Cost and technical complexity to implement multi-factor authentication are often cited as top reasons – and with IT budgets and staff time already pulled in many different directions, these are significant concerns. Multi-factor authentication schemes can break compatibility with older solutions, be difficult to install and maintain and sap resource time and budget dollars from other initiatives.
However, there is one reason that stands above all others: User Experience. In a multi-logon, multi-device world, users don’t want the inconvenience of enabling and then authenticating with multiple factors on all of their devices. In the Enterprise, this is made even more difficult by the lack of native multi-factor authentication in off-the-shelf applications and in Windows, the primary OS used in Enterprise environments. IT departments seek to offer their users frictionless computing, and multi-factor authentication, despite the protection it can offer, feels like a move in the wrong direction. This challenging User Experience is one reason why adoption of Google’s 2SV (multi-factor authentication) technology is limited to something approximating 6.5% of their user population – despite news articles, nag screens and other inducements to enable it.
So, in a world where:
- We need multi-factor authentication to protect our accounts against unauthorized use
- Cost, technical complexity and – most of all – a desire to offer an excellent User Experience prevent IT departments from rolling out multi-factor authentication
- Even industry titans like Amazon have difficulty enabling multi-factor authentication
What can we do?
Typical multi-factor authentication solutions require that ALL users utilize the MFA technology… but what if there were a way for Enterprises to enable multi-factor authentication for just the most sensitive user accounts? When we look at recent hacks, there is one thing in common across all of them: abuse of administrator credentials in the attack chain. With Remediant’s SecureONE product, you can quickly and easily enable multi-factor authentication for your highly privileged administrator accounts – without making a single change to the user experience for the rest of your users. Audit findings, security standards adherence and best practice adoption all drive IT Security teams toward adopting multi-factor authentication – now you can bring the power of multi-factor authentication to your Enterprise systems with a hardware appliance that installs in minutes and protects your Enterprise 24/7.