MFA for All

Richard Davey, Business Information Security Officer, USAA

Richard Davey, Business Information Security Officer, USAA

Multi-factor authentication (MFA) is rapidly becoming the de facto standard for digital self-service across multiple industries. Previously the bastion of government agencies and large financial institutions, it is now offered almost everywhere. In recent months, we have seen additional steps by large online service providers to begin enabling twofactor by default for millions of users.

As organizations begin implementing multi-factor solutions, it is important they remain conscious of their consumer base and give thoughtful consideration to situations that may relate to the consumption of products and services. Occasionally, when assessing MFA solutions, it has been useful (though somewhat overdramatic) to toss aside the ubiquitous smartphone and ask a simple question, ‘How do I authenticate now?’

Depending on your MFA choices, the answer to that question could be very interesting.

For example, if you provide insurance services, how will your MFA solution measure up to the test of an incident where the phone, in a purse, in a car, in a ditch, is on fire? In that critical moment of need, without access to a text message, push notification, or an appbased One-Time-Password (OTP), how do you sufficiently verify the customer to start that claim? These low-tech/notech scenarios will also arise for those unwilling or unable to use primary authentication methods due to personal needs, preferences, or situational and environmental challenges.

In our landscape of cognitive (Know), possessive (Have), and biometric (Are) authenticators, there are potential options to navigate any scenario. Some solutions, such as voice biometrics, may have additional considerations such as privacy, enrollment, and background noise. Other fall-back solutions, like printed single-use codes, grid cards, or physical tokens, may suffer the same fate as the phone in our claim example.

“MFA is a key with the potential to unlock competitive advantage and ensure your customers’ personal and situational needs are met without sacrificing the protection of the trust placed in your brand, products, and services”

Successful implementations will blend multiple authenticator options with intelligent data-based decisionmaking. Building flexible, accessible solutions that need not, and ultimately must not, reduce security.

Accessibility for MFA is not simply a social imperative or a compliance obligation. MFA is a key with the potential to unlock competitive advantage and ensure your customers’ personal and situational needs are met without sacrificing the protection of the trust placed in your brand, products, and services.

Authentication is an organization’s virtual front door, and purposefully implementing a multi-factor solution should not make that door inconvenient or less welcoming. It is possible to create a solution that enhances the experience and strikes a balance between trust and accessibility. Work with product owners to understand use cases, explore authentication scenarios, and pay particular attention to the outliers. These extremes test your solutions and ensure when your customers are in need, you can strike that elusive balance between convenience and security.

Weekly Brief

Read Also

Importance of Information Security in Organizations

Importance of Information Security in Organizations

Eddie Borrero, Vice President, and Chief Information Security Officer, Robert Half
Leveraging Effective Communications for Strengthening Cybersecurity

Leveraging Effective Communications for Strengthening Cybersecurity

Grant McKechnie, Chief Information Security Officer, Endeavour Group
How To Think Digitally And Transform Your Organization To Win The Digital Customer

How To Think Digitally And Transform Your Organization To Win The...

Dobyl Malubane, CX Business Dev & Strategy Director, Oracle Africa
The Future Of Cloud Is Mobile

The Future Of Cloud Is Mobile

Rudi Strydom, Head of IT Operations, Technology and Architecture, Imperial South Africa
Exploring New Technological Impacts

Exploring New Technological Impacts

Melissa Orchard, Digital Hub & PDC Director, Marketing; CMI, Unilever Africa
The Human Reality Of Cyber Security

The Human Reality Of Cyber Security

Henry Denner, ICT Security Officer, Gautrain Management Agency