Please ensure Javascript is enabled for purposes of website accessibility

Multi-factor Authentication: Mo’ Factors, Mo’ Problems

The dreaded “access denied” error message. It makes you want to cry, doesn’t it?

Not only do you have to change your password every 90 days, but throw in other options for dual factor authentication such as getting a text to your phone or some type of biometric scan… it’s headache central. As I said in February, “More factors only lead to more hassle for the user.”

In the name of security, sure, multi-factor authentication is great. It would just be nice if we could access what we need to access… you know, sometime today?

Unfortunately for us, no matter how frustrating, we better get used to it. The multi-factor bandwagon isn't going to stop any time soon. Even Windows 10 finally hopped on. According to Techtarget contributor Eddie Lockhart:

Windows 10 brings two-factor authentication to the table with Windows Hello. The new tool uses biometric authentication techniques […] The PIN serves as a failsafe in case any of the biometric tools don't work for any reason. The other authentication types are facial and fingerprint recognition. Facial recognition uses infrared cameras to perceive depth, so a photograph cannot trick it.

Apple products have been using thumb print scanning for years. According to MacWorld, iCloud also switched to two-factor authentication in 2015, requiring you “to enter not just your password but a confirmation code from another piece of equipment you’ve established is under your control” when whenever you log in on a different device.

Even the U.S. Department of Defense (DoD) is shifting away from their beloved microchip ID badge called a “CAC” card. According to an FCW article published this week, “Defense Department CIO Terry Halvorsen said the Pentagon will be looking to move to a new hybrid user authentication model, ‘true multi-factor,’ that will combine biometric, behavioral analytics and passwords.”

Don’t get me wrong, their motives are 100% valid. Halvorsen continued, "It is really hard to get you a CAC card when people are dropping mortar shells on you and you need to get into your system. That doesn't work."

At least we are accountants and don’t have to deal with that on a daily basis. We could learn a thing or two from the DoD on the topic since system agility without inopportune lockouts, even if it isn’t as critical. I almost feel silly now… our inconvenience is so trivial.

RSA offers tokenless authentication and claims that this alternative is “a convenient way for your users to authenticate securely, via a web interface, without the need for a token.” I know an accounting firm or two has implemented this option and for that I say “thank you.” Just don’t get excited with biometrics and start scanning my eyeballs. Enough crazy tech associated with our eyes, already.

Does your company have a unique way to access their corporate castle? We promise, their secrets are safe with us.