Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Edge Articles

11:30 AM
Joan Goodchild
Joan Goodchild
Edge Articles

MFA Mistakes: 6 Ways to Screw Up Multifactor Authentication

Fearful of messing up its implementation, many enterprises are still holding out on MFA. Here's what they need to know.

(Image: eyeretina via Adobe Stock)
(Image: eyeretina via Adobe Stock)

1. Allowing MFA to Be a Choice

If you're going to implement MFA, it should not be an opt-in process for end users. Ping Identity's Bird says the most common mistake he sees among customers is rolling it out as a choice or an option.

"When users are given choices without a clear, value-based explanation, they will choose either the method that feels the easiest or they will stay with the method they are already comfortable with," he says. "Security is not an option. Presenting it as one is problematic."

Takeaway: If you're going to implement MFA, make sure its use is mandatory.

Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online. View Full Bio
2 of 7
Print  | 
More Insights