What to do When You Don't Always Need Two-Factor Authentication

by Christopher Perry 0 Comments


191Two-Factor Authentication (2FA) is an important topic of discussion where security is of concern. Too many data breaches have occurred over the last 10 years purely because of lackadaisical security requirements. Many of these events would have been avoided with a proper Two-Factor Authentication system in place.  Security: personal, private, corporate – the list goes on and on. Each entry a reason for some level of raised security, because the risk far outweighs the potential user frustrations on a grand scale.

However, why not have Two-Factor Authentication when you need it, and remove it when you don’t? What do you do when you don’t need Two-Factor Authentication? The answer is simple.  You simply take away the requirement.

Why You May Not Need 2FA All the Time

For most individuals and organizations, Two-Factor Authentication is an all or nothing approach. Security requirements need to increase, so everyone must perform Two-Factor Authentication.  This approach makes sense for certain instances – those where every user in a given environment has access to sensitive data – but it does not work for everyone. 

Oftentimes, organizational hierarchies require only some users to utilize Two-Factor Authentication for access to sensitive information, while the remainder of users remain 2FA free. Organizations may also find that the scenario is even more complicated. For example: users are protected on premises but have low levels of security in place for accessing sensitive date externally.

Simply put: Two-Factor Authentication is not a cure-all for every security scenario.

Two-Factor Authentication is just like any other solution to a problem: each user will respond differently when individual circumstances are applied. If security requirements become too stringent, end-users will search for and find alternatives to working around the system – thereby defeating the purpose altogether.  In these scenarios, organizations need a solution that selectively applies higher security requirements based on the needs of the user when they access the information.  Contextual Authentication is the answer.

Is Contextual Two-Factor Authentication Right for You?

Contextual Two-Factor Authentication (AKA Contextual Authentication) derives its name from how it applies Two-Factor Authentication requirements.  Contextual Authentication interprets the context of a login attempt and compares that against a set of pre-defined rules.  Using bits of information such as the Time of the login, source IP Address, and Geo Location, Contextual Authentication makes decisions regarding whether or not Two-Factor Authentication is required.

In practice, this solution allows organizations to programmatically increase or decrease security for end-users depending upon circumstance.  For the previously mentioned example, Contextual Authentication would lift the Two-Factor Authentication requirements when users are on the corporate network.  Additionally, Contextual Authentication would then require Two-Factor Authentication when accessing corporate resources externally. 

The big question is whether or not Contextual Two-Factor Authentication is right for you.  If you need to balance usability and security in an environment where Two-Factor is a requirement only in very specific circumstances, the answer is a resounding yes. 

Every scenario is unique.  That is the beauty of Contextual Two-Factor Authentication – it can be configured specifically as needed. If you are not sure whether or not you need Contextual Two-Factor Authentication, give it a try!


Learn more about 2FA in the free White Paper The Argument for a Better Authenticator!

Tags: 2FA, #2FASolutions, contextual authentication, #contextualauthentication, #passwordmanagement, #security, security questions, #securityandusability, #selfservice, usability, User Experience, #2FA, #2ndfactor, Access Control, Access Management, account management, Password Synchronization, secure authentication, two-factor, Two-Factor Authentication, security trends, geolocation, layer of security, mobile authentication, mobile authenticator, Benefits of 2FA, one click, when you don't need 2FA