GigaOm Radar for Multifactor Authentication (MFA)v2.01

1. Summary

Multifactor authentication (MFA) is a credential verification method that requires the provisioning of two or more verification factors to gain access to an IT resource. It’s a highly effective method for preventing social engineering attacks, protecting end-user accounts by authenticating access to them with methods that cannot be easily shared or compromised. These typically include biometrics (such as fingerprint or face scanners) or tokens (such as mobile phones, cards, or dongles).

Multifactor authentication can verify identity in three or more ways, namely by using:

• Something the user knows: Good, old-fashioned passwords.
• Something the user has: An item only the authorized person typically has access to, such as an ID card, token, or more commonly now, a smartphone.
• Something the user is: Biometric data that belongs to the authorized person—such as a fingerprint or face scan—able to be captured and stored on most smartphones or laptops today.

And, increasingly:

• Something the user does: Behavior-based biometrics.

MFA solutions can ensure a seamless user experience by requiring users to provide additional authentication factors only in uncommon or abnormal situations. If a user makes a request in the normal and expected circumstances, such as logging in from a managed company device at 9 a.m. from the company office, then the user can log in with one authentication factor. If the user logs in from a different device and location, the system will require a second factor to perform authentication.

Multiple features of MFA technology enable passwordless authentication, in which other verification methods supersede passwords. This improves security by removing the vulnerable password, and it can also improve user experience by removing the difficulty of managing different passwords and the burden of resetting them every few months. Smartphones are one of the biggest enablers for passwordless authentication. This is because smartphones have become all-in-one authentication tokens with capabilities for biometric inputs. They boast a wide range of modules, including GPS, network connectivity, biometric scanners, HD cameras, and cellular connectivity. It’s worth noting that passwordless authentication is not a feature in itself, but rather a benefit that results from functionalities such as token-based authentication, biometric authentication, behavioral biometrics, and proximity-based authentication.

As a key technology for improving security posture, MFA became a key assessment element for compliance with multiple rules and regulations. As a result, businesses need to deploy and maintain MFA solutions, and then to obtain relevant certifications, they must also prove that MFA is deployed and enforced across their workforce and customer base.

This GigaOm Radar report highlights key MFA vendors and equips IT decision-makers with the information about MFA needed to select the best fit for their business and use case requirements. In the corresponding GigaOm report “Key Criteria for Evaluating MFA Solutions,” we describe in more detail the capabilities and metrics that are used to evaluate vendors in this market.

This is our second year evaluating the MFA space in the context of our Key Criteria and Radar reports. All solutions included in this Radar report meet the following table stakes—capabilities widely adopted and well implemented in the sector:

• Mobile authentication
• Directory integration
• Credential encryption
• Enterprise deployment
• Passwords