Whether the aim is to comply with regulatory constraints such as the European Payment Services Directive (PSD2) or the French military planning act (LPM), to strengthen the security of access to the information system, or to improve the user experience by removing the use of passwords, strong, 2-factor or multi-factor authentication is an excellent response to these three major issues, which lie at the heart of a global IAM strategy.
Strong authentication can be defined as the combination of at least two of the following authentication factors: what I know and I am the only one to know (password, PIN code, etc.); what I possess (chip card, certificate, token, smartphone, etc.); what I am or what I do (fingerprint, face, voice, behaviour, etc.). Ideally, at least one of these factors must be “one-time”, otherwise we refer instead to “strong” authentication. In general, however, it is the terms “MFA” (multi-factor authentication) or “2FA” (2-factor authentication) which are used nowadays to define this strong authentication with several factors.
Authentication can also be adaptive: in this case, the level of authentication and security required to access each application of the information system can be adapted based on the user’s context. It is then dependent on the assessment of a risk, based for example on the detection of an access attempt from a new device, a new location or at an unusual time. Therefore, in order to access the same application or use the same workstation, the user may be asked for different levels of authentication, depending on the evaluation of their current trust level.
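The adaptive decision described above can be sketched as follows. This is an added example, not code from Sign&go or any other product; the class and function names, the signal weights and the step-up threshold are all assumptions chosen for illustration, and the sample profile is constructed.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Profile:                 # what is already known about the user (constructed data)
    known_devices: frozenset
    known_locations: frozenset
    usual_hours: range         # hours of the day at which the user normally signs in

@dataclass(frozen=True)
class Attempt:
    device_id: str
    location: str
    when: datetime

# Assumed weights for the three risk signals named in the text.
WEIGHTS = {"new_device": 40, "new_location": 30, "unusual_time": 20}
STEP_UP_AT = 30                # assumed score at which a second factor is required

def risk_signals(profile, attempt):
    """List the contextual signals that apply to this access attempt."""
    signals = []
    if attempt.device_id not in profile.known_devices:
        signals.append("new_device")
    if attempt.location not in profile.known_locations:
        signals.append("new_location")
    if attempt.when.hour not in profile.usual_hours:
        signals.append("unusual_time")
    return signals

def decide(profile, attempt, sensitive_app):
    """Return the required authentication level plus the reasons, for the audit trail."""
    signals = risk_signals(profile, attempt)
    score = sum(WEIGHTS[s] for s in signals)
    # Sensitive applications always get two factors; others only when risk is high.
    step_up = sensitive_app or score >= STEP_UP_AT
    return {
        "level": "two_factor" if step_up else "single_factor",
        "score": score,
        "signals": signals,
        "sensitive_app": sensitive_app,
    }

# Constructed sample: one user, evaluated in four different contexts.
ALICE = Profile(frozenset({"laptop-01"}), frozenset({"FR"}), range(7, 20))
USUAL = Attempt("laptop-01", "FR", datetime(2024, 3, 4, 9, 15))
NEW_DEVICE = Attempt("phone-99", "FR", datetime(2024, 3, 4, 9, 15))
LATE = Attempt("laptop-01", "FR", datetime(2024, 3, 4, 23, 30))
ABROAD_LATE = Attempt("laptop-01", "BR", datetime(2024, 3, 4, 23, 30))
```

The same user receives a different requirement for the same application depending on context, and the returned dictionary carries the reasons so that each decision can be logged.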
Multi-factor and adaptive authentication, an essential component in your IAM platform
It is extremely common to need to use several different means of authentication within the same organisation, due to the diversity of the work and the usage scenarios for access to the IS. Before equipping your users, various parameters need to be taken into account, such as their work environment, their profession, the sensitivity of the applications, the usage context, the expected ergonomics, etc. You will have to deal with several different authentication technologies: contactless badges, chip cards, smartphones, USB keys, biometric sensors, etc.
Although best practices generally involve streamlining the means of authentication and the usage scenarios as far as possible, they are based above all on using an authentication “hub”. This allows the different means used to be taken into account, and the level of security and authentication adapted to the context, whilst guaranteeing access control and traceability of all operations performed.
Single Sign-On (SSO) functions such as Web SSO, identity federation, or Enterprise SSO (eSSO) can then easily be added to this authentication base, as well as Self-Service, giving users independence should their means of authentication be lost, stolen or forgotten. As such, this base represents a genuine access management platform.
Benefits of strong, 2-factor, multi-factor and adaptive authentication
There are many benefits to implementing an MFA solution, which can be broken down into several different areas:
1. Security
- Strengthen the authentication mechanisms in applications and/or workstations, especially the most sensitive ones
- Adapt the level of authentication to the user context
- Eliminate the use of commonplace passwords
- Control the openness of your IS and the outsourcing of services
2. User experience
- Implement a single and ergonomic authentication for all applications
- Streamline password management and renewal
- Factor in the latest standards integrating the use of biometrics, including Microsoft Windows Hello, Apple TouchID/FaceID or FIDO2
3. Standardisation and regulatory compliance
- Standardise and pool authentication and authorisation infrastructures
- Facilitate access to applications in corporate change contexts
- Fulfil regulatory requirements: GDPR, PSD2, NIS, LPM, Confidentiality decree, etc.