Sure, you can spell enterprise security without the letters M-F-A, but the modern digital enterprise isn't as secure without a strong multi-factor authentication (MFA) strategy. Enterprises are under attack, and credentials are a primary target. Many leading enterprises are enhancing their security and control with MFA, allowing them to move away from a high-risk, password-based security approach and to give their employees, partners, and customers a better user experience. View this slide deck for best practices for an MFA strategy.
5. I come not to bury passwords but to appraise them
6. MFA is
Using two or more login factors in order to authenticate a user
11. MFA is
Using two or more login factors in order to authenticate a user
with the optimal balance of security, usability, and cost
Dynamically choosing from multiple independent implicit & explicit authentication
based on an assessment of risk (determined by analysis of various contextual signals and other considerations)
23. Authenticating device & user
[Flowchart: "User logs in from untrusted device." Decisions: "Is device authenticated?" (yes/no) and "User authenticated?" (yes/no). Step: "Device Registration". Outcomes: "Enjoy public application access", "Enjoy partial application access", "Enjoy full application access".]
26. Local authentication
• Capabilities of phones also make practical a model where the verification check is performed locally, i.e. on the device
• As used for ‘device unlock’ – the user logically authenticates to the device
• Local authentication (particularly for biometrics) has privacy advantages – no secrets on the server