Is MFA enough?

Every organisation should without a doubt be using some form of multi-factor authentication (MFA). It’s a step forward to better security. That said, it should in no way be trusted as the final line of defence for authentication – and it’s only effective deployed in the right way.

A common problem many organisations have when they bolt on biometrics to their MFA methods, is that it’s only really autofilling poor usernames and passwords in the first place.

If you want to build biometrics into your MFA strategy, you can’t do it at a singular device level. You have to understand all the access scenarios where you need to know with certainty who’s doing what, when and where. And you need to establish who’s biometrics are actually being used and associated with a credential, before you grant them access.