The advent of modern authentication security places a lot of pressure on the user to remain secure in a constantly changing environment. Using a Mobile Authenticator is one of the simplest and most accessible methods to remain secure without compromising usability. We discuss what makes a good Mobile Authenticator in our recent White Paper - The Argument for a Better Authenticator. However, for those administrators and users who may still be on the fence, here are the top 5 reasons to use a Mobile Authenticator in your environment.
Security, Accessibility, Convenience, Simplicity, and Flexibility
The top reason to use a Mobile Authenticator is the obvious one: security. With applications moving to the cloud and providing users with streamlined access to everything, everywhere, security is the top concern for authentication. Many solutions address the problem of password fatigue through a convenient single sign-on solution or something like a password vault. However, few solutions adequately address the issue of secure access. Finding the balance between security and usability is a tough goal, to be sure. That does not mean that implementing Multi-Factor Authentication (MFA) has to be difficult.
A Mobile Authenticator uses a Time-Based One-Time Passcode (OTP) linked directly with an authentication server to ensure credibility. The OTP itself is associated with a single account and remains valid for a limited timeframe. By pairing this MFA option with a login attempt, users can rest assured that they are the only users who can gain access.
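The server side of that check, as an added example that is not from the original article or from any vendor's product: it assumes the standard RFC 6238 scheme (HMAC-SHA1, 30-second step, 6 digits) and a policy of accepting one step of clock drift. The `TotpVerifier` class and its method names are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each passcode stays current
DIGITS = 6   # digits only, the simple format authenticator apps display
WINDOW = 1   # accept +/- one step for clock drift (assumed policy)


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: dynamic truncation of HMAC-SHA1(secret, counter)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP over the time step that contains unix_time."""
    return hotp(secret, unix_time // STEP, digits)


class TotpVerifier:
    """One shared secret per account; each time step is accepted only once."""

    def __init__(self):
        self.secrets = {}    # account -> secret shared at enrollment
        self.last_used = {}  # account -> highest step already accepted

    def enroll(self, account: str, secret: bytes) -> None:
        self.secrets[account] = secret

    def verify(self, account: str, code: str, now: int) -> bool:
        secret = self.secrets.get(account)
        if secret is None:
            return False
        current = now // STEP
        for step in range(max(0, current - WINDOW), current + WINDOW + 1):
            if step <= self.last_used.get(account, -1):
                continue  # step already consumed: a replayed code is refused
            expected = hotp(secret, step).encode()
            if hmac.compare_digest(expected, code.encode()):
                self.last_used[account] = step
                return True
        return False


# Constructed sample: the published RFC 4226/6238 test secret, not a real key.
RFC_SECRET = b"12345678901234567890"
```

A passcode seen by someone else is useless once its step has been consumed or the window has passed, which is what "valid for a limited timeframe" buys in practice.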
Mobile users comprise the majority of modern end-users. These users constantly work on the go, using mobile devices such as laptops, tablets, or mobile phones. The practicality of these devices makes for an obvious integration point for MFA and Self-Service Password Reset (SSPR).
One of the biggest hurdles with adopting MFA is getting end-users to obtain and utilize yet another device. Mobile Authenticators are accessible to mobile users in a way that other devices cannot match. The integration comes from a device that these users currently have and understand. Of course, tapping a screen to use and configure the app is old hat for most users by now.
Similarly, Mobile Authenticators offer a convenient method of providing end-users with additional functionality. Specifically, the modern Mobile Authenticator provides a convenient location to reference a second factor for authentication, as well as resetting passwords and managing account details. Due to the device integration, MFA and SSPR can be accomplished alongside other tasks with minimal effort required.
Improving security is difficult – that is a well-known problem with adding any version of MFA to an established authentication system. With a Mobile Authenticator, however, adding MFA doesn’t have to complicate matters. The Mobile Authenticator takes advantage of equipment and processes that users are already intimately familiar with. There is no requirement to learn any new skills or utilize new devices.
Additionally, most Mobile Authenticators format OTPs using a simple subset of characters. By utilizing a simple OTP format, users can input an OTP for MFA without additional strain or complication. The Mobile Authenticator approach takes the strain from the authentication so that users can relax and focus on the importance of the business at hand.
Security requirements do not typically bend. That is the whole point of security: users must provide the second factor, and that is the end of it. However, even if the MFA requirement doesn’t bend, the entire process can still be flexible without impacting security. Gone are the days of MFA tokens being lost or left on a device that is no longer owned by the user. With a Mobile Authenticator and an associated Authentication Package, users retain access to their accounts even if the phone is destroyed, replaced, or otherwise out of commission.
While the Mobile Authenticator itself is not immediately retrievable, modern Authenticator apps often have the ability to sync to a specific account for retrieval on a new device. Authy by Twilio comes to mind as a solution that offers this very service. For personal security, this function of a Mobile Authenticator can be paired with an Authentication solution that allows for easily swapping MFA requirements. In the event that a phone is replaced or otherwise out of the picture, users can authenticate using a secondary or tertiary MFA method and re-enroll the new phone. Simultaneously, the Mobile Authenticator pulls in ALL other accounts for which the App is used, and the user can continue on.
When MFA is present, major changes require additional effort. With a Mobile Authenticator, the effort is minimal and more time is focused on getting the user back to where he or she needs to be.
Where to Go from Here
Environments that are serious about implementing MFA without sacrificing usability should make the use of a Mobile Authenticator the top priority. Solutions like PortalGuard offer a complete authentication package that supports this integration, while also evolving alongside the ever-changing authentication security environment.
Why pay more for multiple solutions when one will do it all? Take the next step and try out PortalGuard today. Your end-users deserve security and usability, so don't settle for less.