Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Edge Articles

11:30 AM
Joan Goodchild
Joan Goodchild
Edge Articles

MFA Mistakes: 6 Ways to Screw Up Multifactor Authentication

Fearful of messing up its implementation, many enterprises are still holding out on MFA. Here's what they need to know.

(Image: jirsak via Adobe Stock)
(Image: jirsak via Adobe Stock)

Multifactor authentication (MFA), which requires users to authenticate their identities with at least two factors in order to access an application, appears to be gaining ground in the enterprise. A survey of 47,000 organizations conducted by LastPass late last year found 57% of businesses around the world are currently using MFA, which was up 12% over the previous year. 

Statistics also make a compelling case for MFA's effectiveness. Earlier this year, Microsoft reported that 99.9% of the breached accounts it tracks didn't use MFA.

Still, many businesses are holding out on implementing MFA. Too many, according Joe Diamond, vice president of product marketing at Okta.

"Is MFA well-used? The answer is, not to the extent that it should be," he says. 

Part of the issue may be that companies still have many challenges with using it and are making implementation mistakes. MFA also can be seen as a hassle, especially for end users. And if it isn't deployed correctly, it can be as ineffective as not having any MFA in place at all.

(Have you read "Biometrics in the Great Beyond"A thumbprint may be a good authentication factor for the living, but are you prepared to access mission-critical data and devices after an employee's death?)

"There is a lot of work to be done to increase both the understanding and adoption of MFA," says Richard Bird, CCIO at Ping Identity.

What are some of the common missteps organizations make when they deploy MFA? Here are a half-dozen to watch out for if you're considering or using MFA for added security.

(Continued on next page)

Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online. View Full Bio
1 of 7
Print  | 
More Insights