Smartly Using Multi-Factor Authentication

July 4, 2024

Hey there, fellow IT admins!

Like you, I've seen firsthand the growing landscape of cybersecurity threats facing our modern enterprises. From sophisticated phishing attempts to breaches targeting weak authentication methods, it's clear that robust security measures are more crucial than ever.

However, technology alone cannot be the sole consideration. To prevent users from subverting these tools, which protect access to sensitive systems, solutions must also consider the user’s experience. Using MFA smartly means finding the perfect balance between keeping systems secure and making life easier for everyone involved.

Beyond the Essentials

For example, imagine onboarding a tool with fewer seats than the number of users who have to access it. While it may not be considered business-critical, the data is still important for day-to-day operations and needs to be protected nonetheless. Inevitably, you’ll receive requests to disable MFA. Or, you could have employees share credentials and an MFA device to bypass the corporate security procedure entirely. We don’t want to assume anyone is actively working against the set standard operating procedures, but we all know some personalities who will deem existing processes “too cumbersome and hard” and then create a concealed access pathway.

Consider this example, which would totally never actually happen 😉: An executive with privileged access to sensitive tools wants MFA disabled for all of his accounts because using two separate devices is unbelievably difficult for him. And while the argument against providing an exception is articulately expressed, your supervisor grants it because of the executive's title.

Edge cases like this will always lead to a poorer security posture than what is defined in your compliance documentation. Requests to disable security tools, or to share access to devices in ways that limit visibility into true user authorization, become prevalent when it’s deemed that there is no other recourse for the business. But there is.

That’s why we’ve made Key Forge. By managing user MFA capabilities in the cloud, our platform allows you to better manage these edge cases to preserve your oversight and keep as much protection active within the organization as possible. Not only will you be able to review an individual’s access logs for MFA codes, but you can also see which users access shared accounts even if that tool doesn’t provide the insight.

Individual users benefit from a less encumbered experience. They can access their codes on any of their work devices without being required to leverage their mobile or personal devices. Being cloud-first, codes are automatically backed up, and unattended outages due to device loss or improper setup are prevented.

Having MFA for organization accounts managed by a cloud platform also provides finer control over user offboarding. Even if passwords are known, a user’s access can be immediately terminated by blocking access to MFA codes, since the codes naturally expire.

In essence, applying MFA smartly means relying on common sense rather than blindly following textbook approaches. After all, real-life scenarios can be much more complex than what's written in those manuals.

Let's continue to keep our systems secure and user-friendly simultaneously—because that's the essence of smart MFA!

Need MFA for your Business?

Save your spot by signing up to be notified when Key Forge Cloud MFA is available.

Andrew Murray

Andrew is the CEO of WUMU LLC, and the Key Forge Product Champion.