Things to Look for in a Multi-Factor Authentication Vendor
Multi-factor authentication, or MFA, is a type of platform that provides excellent security. An MFA platform requires a password and at least one other, independent form of verification before a user is allowed access. Every company should invest in this type of protection, but before doing so, there are a few things to consider. Here is our list of things to look for in an MFA vendor.
Do They Accommodate OTP?
One-time passwords (OTP) are something you should think about right away when considering MFA, and you should bring them up with any prospective vendor. You want to be certain you understand the options they provide and whether or not those will work for your company’s needs. The main benefit is an obvious one: this type of “strong” authentication keeps hackers from being able to capture your username/password pair and then go on to compromise security. As soon as you use an OTP, it’s no longer going to work again, which makes stealing it completely worthless. Because it is randomly generated, no hacker is going to be able to simply win with a guess either.
Do Your Tokens Expire? If so, Then What?
It doesn’t matter how many people your company employs. At some point, it will get extremely expensive to support MFA if you have to replace expired tokens over and over. The same can be said for going with a vendor that requires you to replace your tokens every few years or so. A lot of times, vendors impose this requirement even on tokens that were never used. This is just throwing money away.
Aside from the obvious, this can make budgeting a real pain because you’re never quite sure of what the price is going to be. A much better solution to look for is a monthly billing plan or some other subscription-based option.
Which Endpoints Can You Protect?
If your MFA vendor can’t provide you with protection for your company’s endpoints, then, simply put, it’s not the right solution for your needs.
Think about all the various platforms you use, from things like Windows Office to Salesforce and everything in between. There are firewalls to consider too, among other things. Take your time auditing your company’s endpoints before proceeding. The last thing you want is to invest in MFA only to find out it is not expansive enough for all of your company’s endpoints.
How Are Users Provisioned?
This doesn’t necessarily need to be a deal breaker, but give credence to any vendor that makes provisioning easy to do. The best software is the kind that can just sync with your Active Directory. That might be one of the most powerful features an MFA platform can provide. You’ll be able to streamline an otherwise tedious process so that you’re benefiting from MFA in no time.
What Happens if a User Doesn’t Have Their Token?
MFA software that works with tokens is great. You’ll definitely be benefiting from a better form of security. However, eventually, one of your employees is going to be without theirs. It could happen for any number of reasons, but the dilemma is the same: now they can’t get through MFA. Does the vendor offer some kind of contingency plan? Some type of quick response from the vendor is ideal so that none of your employees is ever locked out of a system for a prolonged period of time.
What Happens if I Lose Network Access?
Another eventuality worth planning for is the loss of network access. Much like with the above question, you want to know if something like this will leave you in the dark as far as essential access goes. Even if your network connection never goes down, what if you’re on the road and without one? Make sure this won’t affect your ability to access vital aspects of your company’s digital infrastructure.
Who Controls the Infrastructure and Data?
Every company experiences turnover. A lot of companies also work with all kinds of third parties like business partners, vendors, contractors and temps. As such, you must have a way to ensure that your IT data and infrastructure are not constantly available to these people. Chances are they’ll need access while working with you. Once they move on, though, you want to know you can quickly revoke their access. Obviously, this is especially true when you fire someone.
Not only do you want to be the one who has the control, but you also want to find out how quickly you can revoke someone’s access. It won’t do to have to wait a full day before someone who’s been let go is locked out.
Can You Delegate MFA from One Server to Another?
Being able to delegate authentication to another MFA server should be part of any system you’re considering. This way, you can manage a number of installations with just a single set of credentials and tokens.
Can the MFA Requirement Be Manually Overridden?
In the case of an emergency, will you be able to override the MFA solution’s authentication requirement to access an account? This can be a fine line to walk. Obviously the software is there to keep people out, but an override will still probably become necessary at some point. If secured properly, a manual override can be a very useful tool to have.