COVID-19 initiated the most rapid digital transformation ever witnessed across the government and industry—organizations fast-tracked two-factor and multi-factor authentication to transition millions of employees to work from home. But with remote and hybrid work likely to continue in 2022 and beyond, it’s time to step back and ask: is my in-use authentication as secure as I think it is? And what is it really costing my organization?
During COVID-19, many organizations chose the quickest route to get users set up with 2FA/MFA, leveraging mobile authentication methods such as SMS-based OTP or authenticator apps because they were easy to deploy and supported by the ubiquity of mobile devices. Yet, many state and local governments continue to experience cyber attacks that penetrate defenses. What’s happening? How is it that you’re spending more to support 2FA and MFA without a net benefit in security?
While mobile authentication is relatively inexpensive to roll out, most organizations face many hidden costs associated with devices, productivity, and support. For example, if you are requiring your employees to use mobile-based MFA, you must take on the costs for that device, recurring service costs, enterprise device management software and more. Further, the average company loses $5.2 million annually in productivity due to account lockouts - and password costs such as these only represent the first factor in 2FA and MFA. Additionally, many employees can’t, don’t, won’t use mobile-based authentication due to various personal, compliance, or union restrictions.
There are key misconceptions across the industry and government related to mobile-based authentication that are a ticking time bomb, and putting organizations at risk. Read the Yubico white paper Top 5 mobile authentication misconceptions to learn more.
Feel free to reach out to me to discuss how Yubico can help you move away from legacy MFA to modern, phishing-resistant strong MFA.
Michael Santini
michael.santini@yubico.com
408-816-6988