Five best practices for implementing two-factor authentication

This post is the third in our series on digital security and two-factor authentication.

In our earlier posts, we discussed the Heartbleed bug and how it brought consumers’ attention to digital security, plus some advantages of two-factor authentication.

Here are five best practices to help you implement, transition to, and maintain a two-factor verification program.

Photo used under a CC license from Flickr user Steven Tom.

Look for Compliance

Choose a two-factor verification solution that is built on standards-based cryptographic algorithms and authentication protocols. These standards undergo public scrutiny, which helps ensure that products that meet them are more secure.

Consider Your Access Points

Do your users access the system at their office desks? At home? On the go? Overseas? All of the above? Keep these access points in mind and choose a solution that can accommodate all the places users need to authenticate.

Find a Champion

Like any project that requires management, implementing authentication will work best with an internal executive to champion the process. This champion will also help keep the program on track over time as momentum slows.

Accommodate Partial Adoption

Technology and cultural factors may prevent you from switching all your users to two-factor verification at once. Look for solutions that accommodate this limitation and easily scale with your needs as you incorporate existing and new users.

Implement a Program

Implementing something new is about more than just installing some software and walking away. For your initiative to succeed, the product must be part of a larger program, with training and resources available for everyone involved.

Ensure that end users have access to walkthroughs and resources, and encourage them to use the new technology. You’ll need to be able to answer these questions from users:

  • Will this work on my phone/carrier? What if it’s not a company-supplied device?
  • What if I forget my password or PIN?
  • What happens if I lose my device or it gets stolen?
  • What if I change phones or SIM cards?
  • How is my privacy protected?
  • Does it work internationally? What if I’m offline?

This post concludes our series on digital security and two-factor authentication. Want a more in-depth discussion? Read the full whitepaper here.
