What do you think are the most important factors to consider when picking an MFA solution?

Security & GRCIdentity & Access Management (IAM)
313 viewscircle icon1 Upvotecircle icon5 Comments
Sort by:
Chief Information Security Officer in Healthcare and Biotech2 years ago

1. Usability and User Experience
2. Integration Capabilities
3. Scalability and Flexibility
4. Management and Administration
5. Reliability and Availability
6. Cost and Total Cost of Ownership
7. Compliance and Industry Standards
8. Vendor Support and Reputation

Global Head of AI, Data & Analytics in Software2 years ago

Session length, ease of use and unlikely for an accidental acceptance (not just a yes or no pop-up, put in a number)

Senior Information Security Manager in Software2 years ago

Realize that, as Roger Grimes writes in ‘Hacking Multifactor Authentication’, that every MFA solution can be hacked. They are far from bulletproof. And it is critical that they be configured correctly.

https://amzn.to/46k5VGv

 

CEO2 years ago

I would look for tools that are phishing resistant - MFA is frequently bypassed by session lengths that are too long. I would evaluate tools that are FIDO 2 aligned. 

Lightbulb on1
Director of IT in Healthcare and Biotech2 years ago

Having been on both the end of using a company MFA and also putting in one:
* compatibility with existing solution(s)
* secure
* multiple device options for users, a few % will not have smartphones. 
* transparent vendor (esp. in relation to security issues)
* ease to use

Other considerations:
* SaaS based
* Part of greater SSO/directory solution
* ease of integration and troubleshooting

Lightbulb on1

Content you might like

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Read More Comments

Which authentication flow is the most secure?

Username, Password, Biometrics22%

Username, Biometrics, Password39%

Biometrics, Password, Username20%

All are equally secure.16%

Other (comment below)

View Results

I'm looking to go for the Certified CISO certification & training as I'm an aspiring CISO. Any recommendations and additional certifications that I should be doing along with that? I already have CISSP. 

Read More Comments

Which pitfalls—model bias, false positives/negatives, data quality, regulatory constraints—often impede AI-based security tools, and how can they be mitigated in a financial-services context?

Read More Comments

The Transportation Security Administration (TSA) has announced a second security directive, requiring pipeline owners to implement new safeguards against ransomware attacks. Which will be the most critical to implement in the given 90-day timeline?

Specific ransomware mitigation measures17%

Developing/implementing cybersecurity contingency and recovery plans66%

Conducting a cybersecurity architecture design review16%

Other (please share below)

View Results