CISOs often meet resistance to multi-factor authentication from users, management, and even IT. Here's how to counter their complaints.
The proven security enhancements that multi-factor authentication (MFA) or two-factor authentication (2FA) offers are spurring IT departments to put them in place. As often happens, many managers and employees are objecting to the extra steps associated with MFA log-ins, making excuses galore to avoid them.
Here's what the security experts we spoke with say are the most common MFA excuses they've encountered and the answers they use to effectively defeat them.
All active GitHub users who contribute code will be required to enable at least one form of two-factor authentication by the end of 2023.
Security experts have been banging the multifactor authentication (MFA) drum for years, encouraging users to move away from solely relying on the username/password combination to secure their most sensitive accounts. Now GitHub is done with encouraging: By the end of 2023, all users who contribute code to GitHub-hosted repositories must have one or more forms of two-factor authentication (2FA) enabled, the company says.
Zero-day attacks and sophisticated exploits are scary, but social engineering and credential theft pose bigger headaches for enterprise defenders. User credentials grant attackers full access to the application and the associated data, or in case of a code repository like GitHub, visibility into source code as well as the ability to maliciously modify the code.
The American Login.gov service, the UK National Health Services Login application, the Czech DNS registry, and the Swedish educational system eduID.
These are just a few of many government applications from around the world whose security is now protected by Multi-Factor Authentication (MFA). More and more heads of state, including the president of the United States, Joe Biden, are calling for the implementation of MFA. Will this step protect countries from cybercriminals?
The popularity of MFA, i.e. the use of an additional component when logging in to the application (a one-time code, cryptographic U2F key, or other forms of additional authentication), has grown noticeably. Cybercriminals don't waste their time, and the fast digitalization of everyday life only makes things better for them.