The Next Chapter of MFA: Bio-factor Authentication

As security perimeters shift toward an identity-centric model, it becomes increasingly important for organizations to rethink their existing authentication methods. Multi-factor authentication as it stands today is simply not enough. Common MFA solutions, such as Duo, Ping Identity, and Okta, rely on outdated practices like push-to-accept or security tokens that are all too easy to bypass through common social engineering and technical attacks.

Bio-factor authentication (BFA) provides a much more secure option by requiring an end user to supply a biometric, such as a fingerprint or iris scan, as a second form of authentication before they are granted access to a particular system or device. BFA represents the next generation of MFA solutions in the ongoing battle against cyber threats and will reduce risk exposure, secure remote access, and improve the overall security posture of the enterprise.

MFA Shortcomings

There is no shortage of evidence demonstrating the inability of MFA solutions or passwords to secure sensitive information. According to a recent Forbes article, nearly 80% of organizations have experienced an identity-related breach in the past two years alone. In 2019 the FBI warned against the sole use of traditional MFAs when safeguarding important data and recommended that organizations implement biometrics to better defend against attacks.

Yet here we are in the early weeks of 2021, reeling from the fallout of the most dangerous cybersecurity breach in US history (which, by no accident, involved compromised passwords), and bio-factor authentication is not yet a standard practice for most organizations.

Biometrics For Personal Security

While BFA is a fairly new concept for securing the enterprise, we have relied on biometric authentication as consumers to secure our personal devices and data for a number of years. One of the most well-known examples of this is Apple’s release of Touch ID in 2013.

Many of today’s applications, including mobile banking and healthcare, have adopted biometrics as a method of securely verifying that a user truly is who they say they are. This should not only provide some peace of mind for organizations concerned with user adoption, but also reassure leadership that security and a frictionless user experience are not mutually exclusive.

BFA for Remote Access

More people are working remotely than ever before, and that trend is expected to continue. A recent workforce report predicts that by the year 2025 the number of remote workers will be double what it was pre-COVID. If the sheer number of remote workers isn’t enough to raise alarm, consider this: users from teams like DevOps or InfoSec with privileged access will be among those working remotely. That means thousands of employees will be accessing privileged, sensitive, and confidential information remotely: people whose jobs are to push out code or access sensitive data, people from critical infrastructure sectors like energy, telecom, healthcare, and defense, government employees, contractors, and subcontractors. And we’ve seen how easy it is to circumvent the technologies we currently rely on for authentication.

It’s time for organizations to rethink authentication by adopting the most secure form of authentication available today: biometrics.
