How likely is an organization to have misconfigured multi-factor authentication (MFA) settings?

Identity & Access Management (IAM)Threat & Vulnerability Management

Very likely6%

Likely41%

Somewhat likely22%

Somewhat unlikely15%

Unlikely10%

Very unlikely2%

Unsure

585 PARTICIPANTS
3.6k viewscircle icon1 Upvotecircle icon1 Comment
Sort by:
CTO in Software3 years ago

The "basics" of MFA are usually straightforward and not very challenging to get right. The challenging part is what happens next, I often refer to it as "operationalizing" security - driving adoption and awareness, providing training, controlling configuration drift, etc.

Content you might like

What are the best practices for securing the MFA registration phase when moving from SMS to phishing-resistant methods like passkeys (FIDO2) or TOTP-based authenticator apps? Specifically, how can we mitigate risks in device enrollment and key provisioning without phone numbers? What innovations are your organizations implementing or have implemented to bolster this process? - I don't see this as a competitive advantage but all of us good guys against the bad.

What advanced identity analytics or continuous access controls is your organization using (or planning to implement)? Any lessons learned you can share regarding vendor selection or implementation?

Read More Comments

Do you feel confident in your current process for taking inventory of all your org’s apps?

Completely confident21%

Mostly confident71%

Not quite confident6%

Not at all confident1%

View Results

Any tips for evaluating/implementing solutions for application detection and response? What’s your experience been like with these tools so far?

SaaS compliance audits today are sufficiently thorough.

Strongly Agree9%

Agree59%

Neither Agree nor Disagree21%

Disagree10%

Strongly Disagree

View Results