THANK YOU FOR SUBSCRIBING
Multi-factor authentication (MFA) is rapidly becoming the de facto standard for digital self-service across multiple industries. Previously the bastion of government agencies and large financial institutions, it is now offered almost everywhere. In recent months, we have seen additional steps by large online service providers to begin enabling twofactor by default for millions of users.
As organizations begin implementing multi-factor solutions, it is important they remain conscious of their consumer base and give thoughtful consideration to situations that may relate to the consumption of products and services. Occasionally, when assessing MFA solutions, it has been useful (though somewhat overdramatic) to toss aside the ubiquitous smartphone and ask a simple question, ‘How do I authenticate now?’
Depending on your MFA choices, the answer to that question could be very interesting.
For example, if you provide insurance services, how will your MFA solution measure up to the test of an incident where the phone, in a purse, in a car, in a ditch, is on fire? In that critical moment of need, without access to a text message, push notification, or an appbased One-Time-Password (OTP), how do you sufficiently verify the customer to start that claim? These low-tech/notech scenarios will also arise for those unwilling or unable to use primary authentication methods due to personal needs, preferences, or situational and environmental challenges.
In our landscape of cognitive (Know), possessive (Have), and biometric (Are) authenticators, there are potential options to navigate any scenario. Some solutions, such as voice biometrics, may have additional considerations such as privacy, enrollment, and background noise. Other fall-back solutions, like printed single-use codes, grid cards, or physical tokens, may suffer the same fate as the phone in our claim example.
“MFA is a key with the potential to unlock competitive advantage and ensure your customers’ personal and situational needs are met without sacrificing the protection of the trust placed in your brand, products, and services”
Successful implementations will blend multiple authenticator options with intelligent data-based decisionmaking. Building flexible, accessible solutions that need not, and ultimately must not, reduce security.
Accessibility for MFA is not simply a social imperative or a compliance obligation. MFA is a key with the potential to unlock competitive advantage and ensure your customers’ personal and situational needs are met without sacrificing the protection of the trust placed in your brand, products, and services.
Authentication is an organization’s virtual front door, and purposefully implementing a multi-factor solution should not make that door inconvenient or less welcoming. It is possible to create a solution that enhances the experience and strikes a balance between trust and accessibility. Work with product owners to understand use cases, explore authentication scenarios, and pay particular attention to the outliers. These extremes test your solutions and ensure when your customers are in need, you can strike that elusive balance between convenience and security.