Key Criteria for Evaluating Multifactor Authentication (MFA) Solutionsv2.0

1. Summary

Multifactor authentication (MFA) addresses one of the most vulnerable elements in cybersecurity—humans. As most attacks are enabled through social engineering, MFA intervenes by verifying identity through methods such as biometrics or physical tokens that can’t be shared unknowingly by users. Even if a password is compromised, the likelihood of a malicious actor having access to a physical token or the user’s biometrics is low, especially in a remote environment.

MFA can verify identity by using:

• Something the user knows: Good old-fashioned passwords.
• Something the user has: An item only the authorized person typically has access to, such as an ID card, token, or a smartphone.
• Something the user is: Biometric data that belongs to the authorized person—such as a fingerprint or face scan—that can be captured and stored on most smartphones or laptops today.

And, increasingly:

• Something the user does: Behavior-based biometrics.

Despite the irrefutable benefits of MFA, poor user experience (UX) has hindered its adoption. Especially for users who haven’t bought into the solution’s benefits, additional verification steps can be seen as a nuisance, an inconvenience blocking access to the IT resources they need. Ensuring a seamless experience while also maintaining security is one of the main challenges MFA solutions need to address, and there are a number of ways they can reduce the burden on the user. Solutions can make intelligent assessments about whether an additional authentication factor is required—for example, based on known devices or locations—or they can offer a range of methods for supplying additional authentication, such as a laptop’s fingerprint scanner or an authorization URL sent via email. Such steps can improve the UX, drive adoption, and enhance security.

MFA can also help advance the move to passwordless authentication, for which other verification methods supersede passwords. This approach improves security by removing the vulnerable password and can enhance the UX by removing the need to manage different passwords and the burden of resetting them every few months. It’s worth noting that passwordless authentication is not a feature in itself, but rather a benefit that results from functionalities of MFA solutions.

Securing user access to systems is critical for an enterprise. Failing to do so can lead to significant security breaches, data loss, and subsequent negative business impact. MFA is a powerful tool that can help protect enterprise data. The UX has been considerably improved over the years, making it easier to adopt, and it’s capable of significantly reducing the risk of security breaches.

This is the second year that GigaOm has reported on the MFA space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Key Criteria report highlights the capabilities (table stakes, key criteria, and emerging technologies) and non-functional requirements (evaluation metrics) for selecting an effective MFA solution. The companion GigaOm Radar report identifies vendors and products that excel in those capabilities and metrics. Together, these reports provide an overview of the category and its underlying technology, identify leading MFA offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.