What Is a Multi-Factor Authentication (MFA) Solution?
Multi-factor authentication (MFA), is an authentication method that requires more authentication than the username and password. It allows you to access an account, application, or device using multiple factors. Other authentication options include key fobs and USB USB-based key generators. Smart cards and biometric identification are also possible.
Systems that rely solely on passwords to authenticate are vulnerable. The user is responsible for their security and the hygiene of their passwords. According to Verizon’s 2020 DBIR Report, 80% of security breaches occurred in 2020 due to compromised passwords. MFA can be implemented by companies at both the customer-facing and employee-facing points to increase security.
Key Must-Have Features of a Multi-Factor Authentication Solution
When integrating MFA solutions into your business, there are many things to take into consideration. These are the main features you should be looking for:
1. Granular policies
MFA solutions are based on access policies. MFA solutions must be able to support policies at every level, including user, role, and application. This ensures that the solution can be scaled and is consistent.
2. Self-service capabilities
MFA solutions are able to balance security and usability. A higher frequency of authentication can lead to lower employee productivity and could cause end-users to abandon the application. This problem can be mitigated by giving users more control over the authentication methods they are allowed to use. Accessibility to tokens must allow users to choose and modify login types.
3. Third-party integrations
Companies integrate their company networks with third-party solutions like Dropbox and cloud-based SaaS service providers. Payment apps like Stripe are the leaders in the integration space. It will be easier to use MFA software that can connect to these apps if it is more well-equipped. It’s a bonus if MFA software integrates with existing security implementations.
4. Comprehensive dashboard
A dashboard is something that we all take for granted in any software solution. However, it is especially important for MFA solutions because access and authentication policies can quickly become complicated. One dashboard for policy administration would make admins more productive and faster.
5. Reports and logs
MFA implementation is required by some industries to comply withcompliance requirementssuch as HIPAA or PSD2. Auditing in these cases requires activity logs for compliance reasons. Administrators can spot anomalies and threats to security with customizable reports that are comprehensive and customizable. Security hygiene is a key component of good reports and logs.
6. Adaptive authentication
MFA solutions rely on three fundamental factors: knowledge and possession. Advanced MFA solutions however leverage additional contextual factors. These factors include the location of the user, the time at which they requested access, and the health of their device.
These factors must be taken into consideration when the MFA software is used. For example, if a login request is received after office hours, an additional authentication step should be added. If the pre-configured tokens cannot be accessed (e.g. no internet access), users should be able to access other modes of authentication. This allows for a more seamless user experience.
7. Varied authentication tokens
With technological advances, the number of authentication tokens available is growing. The highest level of authentication is provided by biometric tokens like fingerprints (inherence), while passwords and security questions (knowledge), are the most reliable.
An MFA solution that provides many options for this range of security features is a good choice. OTPs via SMS, phone calls, authenticator app, push notifications, hardware tokens, and soft tokens as well as biometric-based tokens and smart cards are some of the most popular tokens.
8. Deployment options
MFA solutions are available deployed on the cloud, or on individual devices. Because of the many uses, most enterprises need a combination of both. It is important that the MFA’s deployment options are compatible with the organization’s existing architecture. These are the most widely used deployment options currently: policy server deployment on cloud and policy-server as-a-service.
Top 10 Multi-Factor Authentication Software Solutions for 2021
We have now seen the importance and value of MFA solutions. Let’s look at some multi-factor authentication software options available in 2021.
Disclaimer: These listings were compiled from publicly available information as well as vendor websites. It is recommended that readers do extensive research about each software. The alphabetical listing of companies is provided.
1. CISCO Duo Security
- Granular policies: This allows policy implementation at the application, user, and global levels via an admin dashboard.
- Self-service capabilities: Users can choose and update authentication controls.
- Integrations with third-party devices: This can be used to integrate with iPhones, Android mobiles, and other devices, such as the Apple Watch.
- Comprehensive dashboard: Duo Device Insights and Duo Trust Monitor work together to give administrators a 360-degree view of all activities and endpoints.
- Reports and logs – It offers multiple reports, such as a deployment status report, administrator actions report, and policy impact report. Duo offers authentication logs, administrator logs, and telephony logs to prove compliance.
- Adaptive authentication: It providesadaptive security policy, such as new user security and location-specific access policies.
- Multiple deployment options: Duo Mobile App provides 2FA capability to devices both on-premises and in the cloud. Duo Restore allows users to restore and back up the Duo Mobile App.
Supported authentication methods: ToTP passcodes, Duo push to enable push notification-based authentication, and SMS passcodes for phone callbacks, U2F devices like Yubico’s YubiKey, and TouchID via WebAuthn (Web Authentication Protocol), bypass code if 2FA is not available.
Customer support: Duo Security customer support is available via email, phone, chat, and initiating a case. Customer support for Duo Care Premium is available 24×7 with priority issue resolution.
Pricing:Duo provides four subscription packs with varying feature support:
- Duo Free – Free up to 10 users
- Duo MFA – $3 per user per month
- Duo Access – $6 per user per month
- Duo Beyond – $9 per user per month
Editorial comments: Duo Security is available for use in all types of organizations. Customer support seems to play a major role in the setup and configuration process. Users also complain about a slow response time for policy reflection and authentication notifications, particularly in larger implementations.
2. Idaptive MFA
- Granular policies: Idaptive enables the creation of highly tuned access policies.
- Self-service capabilities: Users can add or modify authentication factors using the Idaptive portal.
- Integrations from third parties: Idaptive can be integrated into legacy apps, cloud apps, endpoints, and VPNs. RADIUS servers, virtual Desktops, and identity providers. It can be integrated with SSO by using federation standards like SAML.
- It features a comprehensive dashboard.
- Reports and logs: This report shows authentication activity, including successful login attempts and secondary authentication failures.
- Adaptive authentication: This takes into account the MFA bypass period, and dynamically adjusts authentication requirements to reflect risk.
- Multiple deployment options: Idaptive MFA offers flexible deployment options.
Supported authentication methods: FIDO2 keys and virtual tokens, OATH-based OATH-based mobile authenticators. Push notifications, SMS messages, and emails. Security messages and email.
Customer Support:The online customer support portalIdaptive offers.
Pricing: Idaptive’s MFA solutionsstandard is $2.50/user/month. The adaptive MFA costs $5/user/month. You can also get an SSO solution for as low as $2-$4 per user/month. You can try it for 30 days free.
Editorial comments: Idaptive is ideal for small and medium-sized businesses. It integrates well with other HR platforms like WorkDay. Customers have complained that the pricing structure can lead to expensive increases if it is not carefully considered. This also calls for better documentation.
3. OKTA Adaptive Multi-Factor Authentication
- Granular policies: Policies may be based on many factors, such as location, group definitions, and authentication type.
- Self-service: OKTA offers self-service registration (SSR), for its users.
- Integrations from third parties: OKTA Okta MFA can integrate with multiple apps, VPNs, servers, VDIs, and identity providers. OKTA Verify Push integrates with custom enterprise applications.
- Comprehensive dashboard: This dashboard is easy to use.
- Reports and logs: Provides detailed logs of authentication and pre-recorded reports for audits.
- Adaptive authentication: This supports adaptive MFA by taking into account location context, device context, and network context.
- Multiple deployment options: Thiscloud-basedsolution is available in multiple languages.
Supported authentication methods: Verify OTP, verify voice, push, email, SMS and voice, and integrate with third-party authenticators such as Symantec VIP and Yubikey. It can also be used with Apple TouchID and Windows Hello.
Customer support: Contact OKTA for customer support. You can choose from five packages of customer support: Premier, Premier Access, and Premier Plus.
Pricing: OKTA’s MFA service is $3 per month for adaptive MFA and $3 per user for MFA. Minimum annual contracts start at $1,500 You also get a free 30-day trial.
Editorial comments:OKTA is perfect for medium-sized to large businesses with limited budgets. OKTA For Good provides authentication services to nonprofits. Many users have reported problems with constant logging throughout the day.
- Granular policies: OneLogin makes it possible to configure user policies at all levels, including password and session.
- Self-service: Users can resetpasswordsand request access to applications.
- Integrations with third-party providers: The system can be used to integrate with Symantec, Yubico, and RSA as well as Duo and OneLogin.
- Comprehensive dashboard: This dashboard provides administrators with an intuitive status overview.
- Reports and logs: OneLogin creates policy reports and analytics that are particularly aligned to compliance auditing.
- Adaptive authentication: OneLogin SmartFactor authentication(tm), an adaptive authentication product, calculates Vigilance AI(tm), risk score and adjusts authentication in real-time.
- Multiple deployment options are available: OneLogin Protect can be used for Android, Android Wear, and Apple iOS.
Supported authentication methods: Authenticator app. Email, SMS, voice. WebAuthn for biometric elements. Third-party options like Google Authenticator. Yubico. Duo Security. RSA SecurID.
Customer support:OneLogin offers customer support via webinars and online documentation. You can reach OneLogin’s support team by calling its hotline.
Pricing:Prices vary depending on which products are chosen. OneLogin MFA is $2 per user per month and requires the purchase of OneLogin SO, which costs an additional $2 per user each month. SmartFactor authentication costs $5 per user monthly.
Editorial Comments: OneLogin is a great way to consolidate all apps that can be accessed. This is a great option for companies that need intuitive, user-friendly MFA solutions. For policies to be maintained, the company must provide activity logs as well as a robust admin dashboard.
5. OneSpan(previously known as Vasco)
- Granular policies: OneSpan has its own set of policies and rules, each customizable and extensible to suit the needs of the organization.
- OneSpan supports self-service capabilities.
- Integrations with third parties: This allows integrations with third-party companies.
- Comprehensive dashboard: This interface is web-based and intuitive. It provides administration visibility as well as features for managing large numbers of users.
- OneSpan offers web-based reporting tools for reports and logs.
- OneSpan Intelligent Adaptive Authentication: OneSpan provides a level of security that is tailored to each customer interaction.
- Multiple deployment options: OneSpan offers seven authentication products that are focused on mobile and cloud platforms. It forms a strong MFA system when deployed simultaneously.
Supported authentication methods:FIDO U2F, UAF, and FIDO2-based authenticators, such as Digipass authenticator keytokens, and display cards.
- Mobile push notifications, TOTP via a mobile authenticator, and biometrics.
- OneSpan Sign allows digital signatures
Customer Support: OneSpan can be reached via phone or email. There is an admin and developer community online. Customers may also sign up for professional services.
Pricing: OneSpan offers annual licenses for each product with pricing that is based on how many users. It starts at $570
Editorial Comments: OneSpan’s encryption offerings and compliance-ready options make it a great solution for banks and finance-based organizations. Apps that require banking transactions will also benefit from OneSpan’s encryption. It is important to consider the maintenance costs before you decide to use OneSpan products.
6. Ping Identity Multi-Factor Authentication
- Granular policies can be set up through the admin console, or via APIs.
- It provides self-service capabilities to developers and administrators.
- Integrations with third-party companies: Provides MFA for web apps and VPN, SSH. Windows login, Mac login. RDP, ADFS, Azure AD.
- Comprehensive dashboard: This dashboard provides admin insight into MFA usage, SMS costs, and other information.
- Reports and logs: Ping Identity creates intuitive reports.
- Adaptive authentication is a combination of risk-based policies and context-based factors like IP reputation that determines if a customer needs MFA in different situations.
- Multiple deployment options: This cloud-based solution connects to existing systems via web services and can be deployed in multiple ways. PingID offers a variety of implementation options, including a mobile app for Android and Apple, as well as a desktop application and PingID APIs.
Supported authentication methods: Fingerprint,Facial Recognition, swipe and Apple watch app, FIDO2 Biometrics, security keys, OATH tokens, authentication app: YubiKey’s Yubico OTP. Email, SMS OTP, and voice OTP.
Customer Support:Ping Identity offers online support. You can also access online documentation and a developer knowledge base. Support can be reached by raising tickets. Users can also opt for Ping’s professional services.
Pricing:Prices start at $3 per month for PingID or SSO. Pricing varies depending on the bundle of Ping’s services you choose, such as privacy and consent management, unified customer profiles, or risk management. You can try it for 30 days free.
Editorial comments: PingID is a flexible and scalable solution that can be used by large companies that run primarily on the cloud. However, it does not have a comprehensive dashboard that can be used to assist admins in monitoring and maintaining the system. The reports are not as robust as other options on the market.
7. RSA SecureID Access
- Granular policies: RSA is pre-configured with access and token policies, which can be customized or extended.
- Self-service capabilities: RSA offers self-service capabilities.
- Integrations with third-party vendors: It supports standard agents and connectors for SAML-, RADIUS-based applications as well as IIS/Apache and Windows.
- Comprehensive dashboard: This dashboard uses machine learningto perform behavioral analytics, business context and threat intelligence.
- Reports and logs: RSANetWitness(r), Platform offers user and entity behavioral analysis (UEBA), to alert users of suspicious activity on the network. RSA Archer(r), Suite gives insight into how a user’s access might impact the business and its compliance posture.
- Adaptive authentication: Administrators can create conditional access policies that are based on IP address or trusted location. It supports risk-based policies like identity confidence andthreat consciousness.
- Multiple deployment options: RSA SecurID Access is available on VPN, on-prem apps, SaaS and Cloudcloud. It can also be used to implement existing SSO. It can be deployed both on-premise or in the cloud.
Supported authentication methods: Push notification, one-time password, SMS, voice callback, biometrics and wearable, FIDO and U2F hard tokens, and RSA Soft tokens.
Customer Support:SecurID Access offers online technical documentation and a community of users. It offers personalized support with a designatedsupport engineering or a technical account manager.
PricingRSA SecurID access has three editions. The pricing depends on how many users are covered.
- Base – $1 to $4
- Enterprise – $1 to $5
- Premium – $1 to $6
- It also provides a free trial.
Editorial comments: RSA SecurID(r), Access is a trusted name in the MFA industry, particularly when it comes to remote work. This is a great choice for small to medium-sized businesses. RSA is a good choice for organizations with a mixture of token requirements and weightage on hard tokens.
8. SecureAuth Identity Platform
- Granular policies: This platform permits geo-location-based policies. It triggers step-up MFA for location anomalies.
- Self-service capabilities: Users can auto-enroll their devices/web browsers.
- Integrations with third-party tools: It can integrate with third-party risk assessment software. It integrates with user directories like AD, LDAP, or SQL and simplifies login with Desktop SSO.
- SecureAuth offers a comprehensive dashboard. SecureAuth is a single-user management console. SecureAuth provides an administrative portal that allows you to create, test, and reuse adaptive security policy based on real-time authentication telemetry, analytics, and other data.
- Reports and logs: This system supports embedded reporting and logging.
- Adaptive authentication: This allows for geolocation-based policies and triggers step-up MFA for location anomalies. It uses behavioral analytics that is based on failure rates and time-based policies.
- Multiple deployment options: SecureAuth offersdelivery on-premises, in the cloud, and hybrid delivery.
Supported authentication methods:
- WebAuthn: Touch ID and Windows Hello, Fingerprint ID and YubiKey
- Mobile authentication apps: SecureAuth authenticates with push notifications, Symbol-to accept.
Customer Support: SecureAuth offers a support portal as well as online documentation. It offers three additional support packages: mission-critical, premier plus, and premium.
Pricing: SecureAuth pricing begins at $1 per user per month.
Editorial Comments: SecureAuth works best for medium-sized businesses. Some users report experiencing problems accessing the internet from their devices.
9. Symantec VIP
- Granular policies: VIP allows for granular policy configuration.
- It offers self-service capabilities.
- Integrations from third parties: Symantec Authentication can be used to integrate with VPNs, web apps, cloud services, and user directories using SAML and RADIUS standards. Developers can also use the SDK to embed security in their web, mobile, and IoT applications.
- Comprehensive dashboard: It features dynamic rules that are updated in real-time to match business policies, respond to new threats and user requests. You can immediately access data by providing feedback about what triggered fraud. This allows you to take action to increase fraud thresholds.
- Reports and logs: The system generates logs and reports as evidence of regulatory compliance.
- Adaptive authentication is a method of identifying user behavior based on their behavior patterns, geolocation, device, time, day, and velocity.
- Multiple deployment options: This is a cloud-based service.
Supported authentication methods:Symantec VIP supports desktop OTP, FIDO support, fingerprint (Touch ID), face ID, security tokens, device ID, OAuth tokens, OTP over email or SMS, push notification, and risk-based authentication.
Customer Support: VIP offers multiple online self-help learning platforms. You can reach a technical support team 24 hours a day. You can also create MySymantec cases to raise issues.
Pricing: Symantec VIP pricing is based on subscription licenses. Prices start at $4,500 per annum, depending on how many users you have and what support plan you choose. Enterprise solutions include Bronze and Gold plans as well as Platinum plans.
Editorial commentsWhile Symantec can be a great option for large corporations, it can prove costly for smaller businesses. Non-enterprise customers have complained about poor customer service since Symantec was acquired by Broadcom.
10. WatchGuard’s Authpoint MFA
- Granular policies: Authpoint permits users, groups, and resources to be configured.
- Self-service capabilities: It provides secure SSO portals.
- Integrations with third-party services: It allows integration with multiple third-party solutions, including Splunk and Citrix. It provides full synchronization with existing user repositories, such as Microsoft Active Directory or LDAP, and automated token provisioning and deletion.
- Comprehensive dashboard: The AuthPoint management UI gives you a 360-degree view of all users, groups, and resources. It also displays authentication policies and external identities.
- WatchGuard Cloud offers multiple views and reports.
- Adaptive authentication: This uses context rules to provide adaptive authentication.
- Multiple deployment options: Authpoint can be deployed in multiple ways.
Supported authentication methods: AuthPoint adds additional MFA solutions such as a push message or QR code. It also provides an AuthPoint app and a physical token.
Customer support:WatchGuard offers robust online documentation as well as a support portal. It offers technical support 24 hours a day. It offers three support packages: Standard, Gold, and Platinum.
Pricing: AuthPoint offers subscription bundles. Prices are based on subscription length and the number of users. Prices start at $20
Editorial Comments: AuthPoint is ideal for SMEs. Customers report some teething issues and it is relatively new compared with mammoths like RSA or Ping.
To prevent breaches, it is crucial to implement alayered authenticationthat allows users to access an account, application, or device. MFA is growing in popularity, particularly with the rise of online transactions due to the COVID-19 epidemic. Companies in all industries should consider investing in MFA solutions.