We just launched MobileIron Authenticator, the next step toward our vision of simple and smart security for Modern Work, and I’m really excited to tell you all about it.
What is MobileIron Authenticator?
MobileIron Authenticator is a modern multi-factor authentication application, with a little secret sauce. Skip to the section on the secret sauce if you already know that passwords are not secure, not simple, and not smart.
What is multi-factor authentication (MFA)?
Multi-factor authentication is a means to verify that someone is who they say they are. Most often, this is done by requesting the user to present multiple factors to confirm their identity. For the sake of this conversation, we will focus on two commonly used factors.
- Knowledge factor – something a user and “only the user” knows—like your ATM PIN or a password.
- Possession factor – something a user and only the user has—like your debit card or a security token. Yes, that digital key fob you carried everywhere because it generated numbers you had to enter into your computer every time you wanted VPN connectivity to get work done.
When a user presents both factors they are more likely to be who they say they are.
Examples of MFA in your daily life
- Withdrawing money from an ATM requires 1) PIN (knowledge) + 2) Debit card (possession)
- Accessing your Salesforce account requires 1) password (knowledge) + 2) nothing else?
Why do we need MFA OR why are passwords not enough?
Passwords are just not secure anymore. Unfortunately, passwords are rarely something that a user and “only the user” knows.
Why? Because people leave passwords on post-it notes, organizations get hacked and lose user data, and most importantly—because people believe that there is some well-meaning member of a royal family willing to share their fortune.
Malicious actors can easily trick users into giving them their passwords. As a result, we need an additional factor to verify users.
But wait, there are other problems with passwords too
- Users hate passwords. Who likes memorizing a password that is at least 8 characters long, has upper-case letters, has lower-case letters, has numbers, has special characters but not ^*()!, and is not the same as the last one you created 90 days ago? Also, good luck trying to enter it on a smartphone when you are driving down the freeway at 75 mph or 120 km/h! Seriously, don’t text (or enter passwords) and drive.
- Passwords are not intelligent. Passwords might tell you a little about the user, but they do not tell you a thing about the endpoint, the app, or the network being used to access business data. In other words, passwords alone cannot stop business data from being accessed on devices that are jailbroken or running malicious apps over compromised wireless networks. This is bad for data security.
So what should you do?
You should deploy a security solution that can 1) correlate a variety of signals from the user’s environment, including device, app, service, network, geographic location, and more, and then 2) provide adaptive security flows that match the risk of the user’s environment.
The secret sauce—MobileIron Access, now with MobileIron Authenticator
MobileIron Authenticator is a part of MobileIron Access, our cloud security platform. The addition of MFA capabilities to Access’s powerful policy engine and seamless single sign-on (SSO) capabilities gives Authenticator an edge over your run-of-the-mill MFA offerings.
- Authenticator is modern MFA – the industry is moving away from using hardware tokens to using a phone as a factor. Authenticator uses MobileIron-secured smartphones as a factor, allowing users to verify their identity via push notifications.
- Authenticator is simple MFA – enrolling users for MFA doesn’t get any easier than this. MobileIron UEM deploys the Authenticator app and configures it. All the user has to do is launch the Authenticator app to activate MFA. One-touch enrollment. Users don’t have to read 10-step setup guides, download apps or scan QR codes. It doesn’t get easier.
- Authenticator is smart MFA – Authenticator, being a part of Access, lets you define context-aware policies so that users are only prompted for MFA when they are on an untrusted device or in an otherwise untrusted environment. When using trusted devices, apps, and networks, the user gets passwordless sign-on—because nobody likes passwords.
Where do I learn more?
This article was originally published here.