I’m here with the Centrify team at this year’s Mobile World Congress. We are proud to be demoing some very exciting new mobile features that help boost security in the workplace.
We’re all aware of the regular cadence of news regarding hacked companies. Huge names we all know, down to some smaller players. You name it, nobody is safe. All of these hacks are being traced back to the fact that companies have holes in their security practices, which usually include some form of weak password and authentication controls. Re-used, shared, or poorly secured passwords are compromised by the attackers, and used to gain access to corporate resources time and time again.
Here at MWC, we’re highlighting a novel implementation of technology that, when deployed, can address and solve many of these security weak-points…and that’s Multi-Factor Authentication (MFA). For those of you not aware of MFA, think of your ATM card which employs the basic rules of MFA; you can’t get access to your account without the combination of something you have (your ATM card), and something you know (your PIN). Without both of these multiple “factors,” access is not granted.
You can see the obvious security benefits of MFA when you consider cloud app user accounts. Even if someone knows, or is able to hack/guess your password; they have only the “something you know.” They still need the “something you have” to gain access. This technology is widely understood, but IT departments typically loathe deploying it, and end-users often hate using it, because traditional implementation has been a real burden on both IT and users.
The typical way this technology is deployed is by a standalone fob, or an app on your phone that generates a code every 30-60 seconds. When you log-in to a site or app that requires MFA, you have to find that fob, or open your device and find the standalone app, and then enter a race where you have to find, remember, and type a random code string before it times out.
As a product manager at a security company, I know that MFA is critical to secure user access to devices and applications. But my real challenge is how to make it easy enough to use so that IT wants to deploy it and users don’t mind it..or even better users aren’t even aware that they are using it.
I’ve thought a lot about this challenge, and Centrify has come up with a feature that I believe brings seamless MFA to everyone. We’re proud to be showing it off here at MWC.
We call it push-MFA notifications. When you use Centrify Identity Service, and you log in to your portal, or launch an app that the administrator has designated as requiring MFA, you receive a notification to your mobile device, asking if you did indeed request this access. If you did, simply click “Accept” right in the message and your MFA code is automatically sent to the cloud and verified. Snap, you are logged in! No fobs, no codes, just secure access to the app you want to use – using secure MFA.
If you didn’t initiate the request, just click “Deny” and that session is terminated. Whomever was trying to gain access as you, is blocked — would-be attackers are thwarted.
We’ve also taken this a step further, and integrated with Android Wear, to bring actionable notifications to your smartwatch. Now you can login with MFA, and not even take your phone out of your pocket.
Check out the video on this page to see this exciting function in action.
As the market for wearables takes off, we can leverage these devices that are physically bound to you as a great way to extend security for IT, as well as user convenience and experience for end users. It’s a win-win. If you are here at MWC, come by the Samsung or AVG booths in Hall 8 to see a demo.