Are you still using applications that do not require multi-factor authentication (MFA)? Probably not, as ever more sites and apps are imposing the use of at least a second factor before they let you in. But why are they making it so hard? For TrustBuilder, there is no reason why MFA cannot be user-friendly.
Most of us do it several times a day: pull out a token device, start up yet another session with Google Authenticator or Microsoft Authenticator, or key in a 6-digit code received in a text message. Two-factor authentication and MFA are definitely on the rise.
Six good reasons why MFA has become so important
The use of weak passwords: the human race is a lazy beast. When having to come up with a password, all too often we take the path of least resistance and go for a birth date, the name of a pet or a street address. For several consecutive years, the password 123456 has been top of the list of most commonly used passwords. By the way: almost all of the 50 most commonly used passwords can be cracked in under a second.
Passwords no longer suffice: hackers have become very sophisticated in getting hold of passwords and username/password combinations, through phishing emails, hacks into databases,… With on average one hacker attack every 39 seconds, it is no wonder that hundreds of thousands of web logins get stolen or compromised every week, making it easy for attackers to gain access to sensitive data. These statistics mean it is no longer a question of IF your credentials will fall into the wrong hands, but WHEN. It’s always worthwhile checking whether your credentials are listed on Have I Been Pwned.
PSD2 and SCA: For any banking transaction above a certain threshold defined by the EU, the PSD2 regulation requires Strong Customer Authentication (SCA). In practice most banks use a form of biometric verification, two-factor authentication or multi-factor authentication. PSD2 and SCA came into force in 2020 and, besides financial service firms, many e-commerce sites are also implementing SCA.
GDPR: Besides requiring organizations to be transparent to customers on the data they are storing about them, GDPR also requires them to protect these data from unauthorized access. Multi-factor authentication is a good protective measure to stop data from being compromised, thus ensuring proper protection of customer data.
Reputational damage: Adding MFA is not only a good practice to show that you care about privacy, it also protects individual user data whenever the user password is compromised. A good example of the damage this can cause to your company’s reputation is the TeamViewer hack, where the compromise stemmed from a data leak of passwords from LinkedIn. Companies that get hacked lose revenue, see their stocks crash, their CIOs and IT staff are replaced, etc.
Universal use: MFA is a strong, proven security measure against all types of attacks and breaches: phishing, spear phishing, Man-in-the-Middle attacks, brute force attacks,… These can all be prevented by using multi-factor authentication.
How to make MFA user-friendly
Proving that two-factor or multi-factor authentication is necessary and functional may be easy, but that still doesn’t make it convenient for the user. And some of the MFA techniques that are frequently used are not very secure either. Just think of one-time passwords being intercepted, allowing attackers to gain access to applications or websites.
Make MFA passwordless: users have grown accustomed to biometric verification, for instance through facial recognition or the use of fingerprints. TrustBuilder offers support for fingerprints in its TrustBuilder Mobile Authenticator. Once a user has onboarded, a fingerprint or a PIN suffices to get access to an application. This allows for passwordless authentication.
Check out how easy it is to onboard, using TrustBuilder Mobile Authenticator.
Using push notifications: most people have way too many apps on their smartphone. This sometimes makes it difficult to find the right authenticator quickly. TrustBuilder Mobile Authenticator uses push notifications. If you need MFA for an application on your PC, simply send a notification to your connected device. No swiping back and forth between different smartphone screens: reacting to the push notification and using a fingerprint or a PIN is enough to gain access to the application in question.
Embed it into your app: multi-factor authentication can be made completely transparent to the user when the MFA solution is embedded into the app itself. TrustBuilder Mobile Authenticator comes in the form of an SDK, allowing organizations to integrate TrustBuilder Mobile Authenticator into their applications, using the look-and-feel of that application.
Allow different devices: One-time passwords (OTPs) are usually connected to a SIM card. This forces the consumer to always use the same device for authentication. Thanks to device binding, TrustBuilder Mobile Authenticator can be used with any of the devices that have been set up during onboarding.
TrustBuilder Mobile Authenticator in action
“What really attracted us to TrustBuilder Mobile Authenticator was the user-friendliness of the solution, plus the ability to seamlessly integrate it into our own mobile application,” said Michael Custers, CMO of HR services leader SD Worx. His organization chose TrustBuilder Mobile Authenticator to increase adoption of their mobile app SD Worx Assistant. According to SD Worx’s Chief Security & Risk Officer Gert Beeckmans, “what we were looking for was a solution that was even simpler than a user/password combination. Something that is so easy to use, that users wished they had this system for every app they need to authenticate for.”
Check out how SD Worx uses TrustBuilder Mobile Authenticator to drive adoption of its app.
MFA does not need to kill customer experience. On the contrary, using the right tool to secure data and applications can increase customer experience. Interested in finding out more? Then request your personalized demo.