
How Next-Generation MFA Closes the Security Gaps of Legacy MFA

By John Gunn, CEO, Token  |  3 minute read

2022 will go down as the year in which legacy multi-factor authentication (MFA) was shown to fail at scale. A record number of organizations of every type were attacked by cyber criminals, with losses in the billions of dollars. Membership in the victims' club is skyrocketing, with thousands of organizations joining Uber, Cisco, Hanes Brands, and Rackspace, to name a few of the firms breached despite having capable people, policies, and tools. In many of these cases the attackers got past legacy MFA, most often by bombarding users with approval prompts or by socially engineering one-time codes out of them. These incidents are hard evidence that legacy MFA is no longer effective against today's attacks.

State-sponsored actors and cybercriminals are routinely defeating legacy MFA, and organizations should not rely on it to secure their assets. Instead, organizations need a way to keep the security benefits of traditional MFA while removing its weaknesses. The solution is next-generation MFA, a combination of three elements: biometrics, the removal of any reliance on human perfection, and a wearable authenticator.

Overcoming the weaknesses of legacy MFA with biometrics

Biometric authentication is the strongest MFA factor available for stopping the attacks that precede ransomware and data breaches. A biometric check performed on the device is a user-verification step that an attacker cannot capture remotely the way a password or an SMS code can be captured: hackers cannot phish a victim's fingerprint. It therefore protects against phishing, social engineering, credential stuffing, and account takeover, and it removes the dependence on weak passwords, lost credentials, intercepted SMS one-time passcodes, and employee-owned phones. One caveat a practitioner should keep in mind: the biometric alone does not stop an attacker who relays a live login session. Phishing resistance also requires that the authentication response be cryptographically bound to the device and to the site it was registered with, which is what a well-designed next-generation authenticator does.

A crucial consideration when using biometrics for authentication is the protection of the biometric data itself. The biometric template must never leave the device, and it must be inaccessible to attackers. Only a non-biometric proof of a successful local match, such as a signed challenge, should ever be sent to a server. This rules out storing biometric templates on servers or in the cloud, and argues against using a shared, general-purpose mobile device as the authenticator. Biometric authentication solutions that deliver this protection while safeguarding the data are available today in the growing next-generation MFA space.

Eliminating reliance on human perfection

Cybercriminals are refining and developing their attack methods at a rapid pace. Today's phishing and social engineering attacks are very hard for most users to detect, and with the arrival of generative AI the risks and losses will escalate further. Today's solutions rely on human perfection: every user must be trained to recognize the most sophisticated attacks. Even after thousands of hours of security-awareness training, one careless click on one malicious link is enough.

Instead, remove passwords, OTPs, approval prompts, and every other step that depends on a human making the right call, which also simplifies authentication and improves the user experience. Once no step depends on the user's judgment, the organization can protect the digital identity of even the most naïve user against the most sophisticated attacks, social engineering included.
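The following is an added example written for this article, not Token's own code or any code from the original post. It illustrates the two constraints set out in the preceding sections together: the biometric template never leaves the device, and the user is never asked to judge a prompt or a link. A toy wearable matches the presented scan locally and, only on a match, answers a server challenge bound to the origin it is talking to; the server stores a device key and no biometric data. The feature vectors, the matching threshold, the hostnames, and the use of HMAC are all assumptions made for the example. A real device would hold an asymmetric device-bound key and export only the public half, as FIDO2 authenticators do; HMAC is used here only because it is in the Python standard library.

```python
import hashlib
import hmac
import secrets

# Constructed sample "scans": short feature vectors standing in for a real
# sensor template. The values are made up for this example.
ENROLLED_SCAN = [12, 47, 88, 3, 250, 141, 19, 77]
GENUINE_SCAN = [13, 46, 88, 4, 249, 140, 19, 78]    # same finger, sensor noise
IMPOSTOR_SCAN = [200, 5, 60, 90, 10, 33, 180, 2]    # someone else's finger

MATCH_THRESHOLD = 3  # assumed per-feature tolerance for the toy matcher


def template_matches(enrolled, presented, threshold=MATCH_THRESHOLD):
    """Toy local matcher: every feature must lie within `threshold` of the template."""
    if len(enrolled) != len(presented):
        return False
    return all(abs(a - b) <= threshold for a, b in zip(enrolled, presented))


def _bind(origin: str, challenge: bytes) -> bytes:
    """Message the device authenticates: the origin it is talking to plus the challenge."""
    return origin.encode() + b"\x00" + challenge


class WearableAuthenticator:
    """Device side. The template and the device key are never exported."""

    def __init__(self, rp_id: str, enrolled_scan):
        self.rp_id = rp_id
        self._template = list(enrolled_scan)
        self._device_key = secrets.token_bytes(32)

    def registration_record(self):
        # What the server learns at enrolment: an identifier and a key, no biometric.
        # HMAC stands in for a key pair here; a real design would export only the
        # public half of an asymmetric device-bound key.
        return {"rp_id": self.rp_id, "device_key": self._device_key}

    def respond(self, challenge: bytes, origin: str, presented_scan):
        """Verify the wearer locally; on success, authenticate the challenge bound to origin."""
        if not template_matches(self._template, presented_scan):
            return None  # wrong wearer: the device stays silent
        return hmac.new(self._device_key, _bind(origin, challenge), hashlib.sha256).digest()


class RelyingPartyServer:
    """Server side. Holds device keys only; biometric data never reaches it."""

    def __init__(self, rp_id: str):
        self.rp_id = rp_id
        self.device_keys = {}   # user -> registered device key
        self.pending = {}       # user -> outstanding single-use challenge

    def register(self, user: str, record):
        if record["rp_id"] != self.rp_id:
            raise ValueError("device was registered for a different relying party")
        self.device_keys[user] = record["device_key"]

    def issue_challenge(self, user: str) -> bytes:
        challenge = secrets.token_bytes(32)
        self.pending[user] = challenge
        return challenge

    def verify(self, user: str, response) -> bool:
        challenge = self.pending.pop(user, None)  # consumed on first use: replays fail
        if challenge is None or response is None or user not in self.device_keys:
            return False
        # The server binds to its own rp_id, so a response produced for a phishing
        # origin never matches even when the attacker relayed the genuine challenge.
        expected = hmac.new(self.device_keys[user], _bind(self.rp_id, challenge),
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def run_scenarios():
    """Run the genuine login and three attacks; return the outcome of each."""
    server = RelyingPartyServer("login.example")
    device = WearableAuthenticator("login.example", ENROLLED_SCAN)
    server.register("alice", device.registration_record())
    outcome = {}

    # 1. Genuine wearer at the real site.
    c = server.issue_challenge("alice")
    outcome["genuine"] = server.verify("alice", device.respond(c, "login.example", GENUINE_SCAN))

    # 2. Someone else wearing the stolen device: the local match fails, no response.
    c = server.issue_challenge("alice")
    outcome["impostor"] = server.verify("alice", device.respond(c, "login.example", IMPOSTOR_SCAN))

    # 3. Phishing relay: a look-alike site forwards the real challenge. The wearer
    #    cannot tell the sites apart, and does not have to: the origin binding fails.
    c = server.issue_challenge("alice")
    outcome["phished"] = server.verify("alice", device.respond(c, "login-example.evil", GENUINE_SCAN))

    # 4. Replay of a captured valid response against the same user.
    c = server.issue_challenge("alice")
    r = device.respond(c, "login.example", GENUINE_SCAN)
    outcome["replay_first_use"] = server.verify("alice", r)
    outcome["replay_second_use"] = server.verify("alice", r)
    return outcome


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name:20s} {ok}")
```

Note that in scenario 3 the user did everything an attacker could wish for, yet the login fails, because the decision was never the user's to make. That is the property the section above is asking for, and it comes from the binding of the response to the device and the origin, not from the biometric alone.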

Ending the frustrations of legacy MFA dongles

Dongles get lost, stolen, and left plugged into the computers they are supposed to protect. Some dongle vendors recommend that customers buy two dongles for every user because they get lost so frequently. How secure and cost-effective is that?

A wearable MFA device is always with the user, is far less likely to be lost, and responds only to the authorized wearer, so no one else can use it. The device releases an authentication response only after it has verified the wearer locally, so there is no shared secret for an attacker to steal and no approval prompt for a user to mis-click. And because the device is easy for the wearer to operate, the user experience improves considerably, delivering the security benefits of next-generation MFA along with an easy, on-demand path to passwordless access.

Recommendation

Of course, MFA of any type is a much stronger and more reliable way to protect users and organizations from many kinds of cyberattacks than passwords alone. However, the sharp rise in successful attacks and the resulting financial losses demonstrate that legacy MFA is no longer safe or effective. To keep unauthorized users out, organizations need much more than traditional MFA. They need next-generation MFA. It is cold and evil out there in cybercriminal land, and the unprepared make easy targets.