The Truth About 5 Common MFA Myths
If you are considering implementing multi-factor authentication (MFA), you may be hesitant to move forward because you’ve heard bad reviews from other users. Many of these bad reviews are myths or inaccuracies.
In this article, we’ll address some of the common concerns about MFA and tell you whether they are based in reality or not. With this information in hand, you’ll be able to confidently decide whether or not MFA is a good solution for your organization.
(Although, spoiler alert, MFA is likely a good solution for organizations of all sizes and types.)
At Kelser, we work with MFA and answer questions from organizations just like yours every day. I'll address these concerns based on our team's real-life experience, giving you the information you need to make the right decision for your organization.
We know that information is power and that’s why we write articles like this one. We provide accurate information without a lot of “tech talk” so that business leaders like you can make informed decisions.
What Is MFA?
MFA is a security tool that protects your organization’s data by requiring users to provide multiple pieces of identification before granting access to an application, website, or other IT service.
How Does MFA Work?
When a user starts the login process, they enter their user ID and password as usual. The MFA tool requires at least one additional piece of information to verify identity before allowing access.
For example, a user may need to provide a combination of a username, password, and biometric (facial scan, eye scan, or fingerprint perhaps).
Or the tool may request a username, password, and a smart card swipe. Or access may be denied without a username, password, and verification of a push notification sent to the user’s mobile phone or code from a token or “fob.”
Whatever format the identification takes, we often say MFA requires users to have multiple layers of information:
- something the user knows (password)
- something the user possesses (like an MFA token or biometric scan)
- something the user is or that is inherent to that person (username)
Without presenting multiple pieces of information, the user can’t access the application or service.
MFA can be specific to a single application or service (e.g., you need to use it to access your email or virtual private network) or to a physical machine like your laptop or other device.
Some MFA systems can also be used to set up single sign-on (SSO) privileges which allow you to provide one username and password to access all or most of your systems.
Are The Concerns About MFA Valid?
In our daily work, our team talks with business and IT leaders about their concerns with MFA. Let’s explore the five concerns they hear most often:
Myth 1: MFA Is Expensive
Whenever people hear about new technology, they assume it will involve an additional cost.
The Reality:
MFA is built into most systems available on the market today and it is simply a matter of turning it on.
Cost becomes an issue when you need to protect something that doesn’t have native MFA or when you want to configure it to do something special (e.g., use a single code or push platform).
Adding MFA to older systems may require the operating system (OS) to be upgraded before the software will work. If the platform is an older piece of software, you may need to upgrade it or find an alternative, but the cybersecurity benefits it provides are well worth the expense.
Costs will vary greatly. For example, it could cost about $200 to upgrade a Windows license or significantly more if you need to pay a software engineer to re-write code.
Myth 2: MFA Is Difficult To Implement
MFA has a reputation for being difficult to implement.
The Reality:
As we mentioned above, most new platforms already include the capability for MFA, and it is just a matter of going in at the administrator level and activating it.
For older software, it can be more challenging to implement MFA, but it is well worth the effort to provide additional security for your organization. What this retrofit could cost varies depending on whether you need an add-on, an appliance gateway, a new platform or someone to re-write the code.
Myth 3: MFA Negatively Impacts Productivity
People often assume that adding MFA tools has a negative impact on productivity.
The Reality:
While MFA may have negatively impacted productivity in the past, there are now options that make it possible for users to sign in once and stay logged in for up to eight hours, providing additional security with minimal productivity impact.
Of course there is an adjustment period, but taking the one or two extra steps required by MFA literally takes seconds and the increase in security is dramatic.
Myth 4: I Don’t Need MFA
Many organizations make the mistake of thinking that their existing security tools will keep them safe.
Don't let the fact that you haven’t been the victim of a security incident lull your organization into a false sense of security. And don't make the incorrect assumption that you don’t have any sensitive information that criminals could access.
The Reality:
Cyber threats continue to emerge every day. The tools that effectively protected your devices and infrastructure last week, last month or last year, may no longer be enough. The more layers of security tools you have in place, the safer your data and that of your customers will be.
In the same way that adding a security system or doorbell camera may dissuade would-be thieves from targeting your home, the more layers of security tools a hacker needs to deal with, the less likely they may be to tamper with your infrastructure.
Is MFA Right For You?
After reading this article, you have a complete understanding of the most common concerns about MFA. You understand that they are not accurate representations of the experience of the majority of users.
You know when cost issues could arise, what circumstances might affect implementation difficulty, and the real effect of MFA on productivity.
At this point, you may be ready to move forward.
Want to know more specifics about the user experience? Learn more about MFA solutions in general and an example of the user experience with one tool in particular (Duo Security).
Your internal IT team may be able to help you determine the right MFA solution for your organization. If they can’t or you don’t have an internal IT staff, you can find an external provider to help you implement MFA.
If you decide to work with an external IT provider, we encourage you to compare several options to get the right fit for you! We take this advice so seriously that we’ve even done some of the legwork for you.
Read this article that provides an honest comparison of IT Direct and Kelser based on public information available on the internet.
Why do we write articles about our competitors? That’s a valid question. We believe in customer relationships that are based on honesty from the very beginning. And, there is no sense in us working together if we aren’t the right fit. That only leads to frustration.
So, check out several providers and make sure you ask the right questions before engaging with an external IT provider.