Multi-factor authentication (MFA) forms the basis for strong IT security and reliable compliance processes in your company. This applies in general, but especially if you have already set up decentralized workstations and/or want to introduce a strategy for a Modern Workplace concept.
People at the center of your corporate philosophy
The demands on the modern workplace have increased. Digitization has opened up opportunities for diverse, flexible ways of working for employers and employees. At the same time, the concept of a Modern Workplace means not only greater digitization of work processes, but also greater integration of people.
This means two things: to establish a Modern Workplace, you need not only technical changes but above all a cultural change in your company. Your employees need to be at the center of your corporate strategy. The goal is to create a climate for maximum productivity that also allows a high degree of freedom. This includes, for example, flexible working hours or the introduction of decentralized working methods.
At the same time, decentralized workstations in particular harbor new dangers for your IT security as well as corporate integrity. Outside of your own company network, you have no influence over the actual security configuration of the network being used. You can't check whether a firewall is in place, whether anti-virus programs are actually being updated promptly, which private devices are also on the network, or even whether family members (theoretically) also have access to the devices used for work. Of course, you can specify all of this in comprehensive additional clauses, but these do not constitute a guarantee.
Multi-factor authentication creates necessary barriers to your network
An important way to gain control over access to your network is to introduce so-called multi-factor authentication. This means that your employees can only log in to their PC or certain programs by presenting at least two separate proofs of identity (factors).
This sounds much more complex than MFA actually is for the end user. The end user only needs their usual password and a second factor to confirm their identity.
- 1st factor: Something you know, usually the password
- 2nd factor: Something that you have, for example a smartphone or hardware token
- 3rd factor: Something that you are, i.e. biometric factors such as fingerprint or FaceID
Very rarely, companies rely on triple authentication in addition to two-factor authentication; this is mostly only necessary for extremely critical and extra shielded areas, for example for your admins or your finance department. Of course, you are free to use biometric data as the second factor already; this can lead to high usability and user satisfaction, as it is a login variant that your employees already know from their everyday life.
Preliminary considerations for introducing MFA in your company
In principle, it is advisable to introduce multi-factor authentication for all employees. In this way, you also secure the computers on your premises and thus enable everyone to work flexibly in the future, even those who may still be critical of this development and prefer to work from the office. You should definitely respect this preference as well.
You should also ask yourself what options an MFA solution should offer your employees. Common methods are so-called push messages or QR codes via the smartphone, as well as SMS and voice codes via the smartphone or the telephone. However, you need to consider the following: Which of your employees have a business smartphone to take advantage of this offer? How many of your employees would like to continue working in the office and thus have constant access to their landline phone there? Which of your employees do not have any of these options? Might company smartphones need to be rolled out across the whole staff? As you can see, these common, basic authentication options are not necessarily feasible for 100% of your workforce or, if they were, they would exceed the budget.
Fortunately, there are other secure authentication options for the second factor: hardware tokens. These are small pieces of hardware, about the size of a USB stick, which, once personalized, uniquely identify a user. Common formats are the so-called OTP or FIDO U2F tokens. These ensure that users who do not own any other company hardware can also log in. At the same time, they are an additional cost factor that you should consider in your strategic planning.
Introducing MFA—how to achieve high user acceptance
Like any software introduction, the introduction of MFA requires a careful selection process as well as a well-managed rollout to get your employees enthusiastic about it. At first, it sounds like an unnecessary and complex process to many people, especially IT laypeople. Therefore, be sure to test the rollout with a small group to reduce potential hurdles and obstacles before performing a full-scale rollout to your company.
A well-communicated and smooth roll-out will alleviate even your most critical employees’ fears.
You can also significantly increase usability, for example by defining secure networks or devices for which users do not need to authenticate with multiple factors for a specified period of time. At the same time, the double security provided by MFA allows you to eliminate the need for (different) complex passwords for each application. That ensures a faster and easier login process for their programs. Overall, this ensures a good and stable workflow in your company. If you also choose an MFA provider that includes single sign-on functionality by default, users no longer need to log in to different programs every day. A single login to the PC in the morning is all that is required to gain access to all relevant files and programs.
You can also make life easier for your admins by allowing not just a second, but a third factor. So if someone doesn't have their smartphone handy, but they do have their landline phone, they can identify themselves that way too. This saves lengthy login requests and frees up your IT team for more important tasks. At the same time, your users know this from everyday life. Google or Apple, for example, already allow their customers to store various factors so that logging in is always guaranteed, even if a device is not available at the moment.