Customers typically use multiple access channels when engaging with companies, and it’s likely that each channel will involve a different way to authenticate.
The reason for having authentication is not to force a multitude of authentication methods on customers, however. That’s a surefire way to alienate them. The goal is to ensure secure access while not negatively affecting user experience. Companies need to unify the customer experience using multi-factor authentication (MFA) to improve security assurance as well as user experience.
To appreciate the need for unification, it helps to understand the concept of authentication fragmentation. As described in the iovation book, “Multi-Factor Authentication for Dummies,” the authentication experience today for both business users and consumers is fragmented across a variety of channels. The result is a poor outcome for everyone involved in the process.
Creating a Seamless Omnichannel Experience
Enterprises today communicate with consumers through many touchpoints. For instance, banks allow customers to access their accounts via online banking, mobile apps, ATMs, and tellers. Each of these touchpoints serves as a channel to the same account, but requires a different authentication method.
The same user might need to authenticate with a username and password for an online account, with an ID card in person, and with knowledge questions when calling customer support. While organizations strive to achieve omnichannel customer engagement, they often require different authentication methods for each channel.
No one can relate to the hassle of a fragmented authentication experience like enterprise IT users. At any point, users might need to authenticate to multiple applications and systems in order to do their jobs. In addition to creating a poor user experience, multiple requests for passwords can have an impact on productivity.
Whenever users forget their passwords and lock themselves out, the IT organization is called upon to reset passwords. Single sign-on (SSO) attempts to solve the problem of fragmented authentication by letting users authenticate to multiple applications with one username and password.
While this might improve the user experience and worker productivity by reducing password resets, it does nothing for security. SSO doubles down on the inherent weakness of passwords by putting multiple systems and applications behind one password and creating a single point of failure.
Rather than obtaining immediate access to a single application, a successful attacker has all the user’s applications at his fingertips. Worse still, the attacker can try this compromised username-credential pair on other systems.
Multi-Factor Authentication: A User Friendly and Unified Experience
Fortunately, a better approach to authentication is available. An MFA platform allows each channel to use any or all of the available authentication methods when they are most appropriate. This arrangement creates a unified experience across brands or services, resulting in a simplified user experience as well as stronger security.
When a user authenticates to a single service, she’s likely to need multiple usernames and passwords, maybe a personal identification number (PIN), challenge questions, and proof of identity. With a unified authentication approach, all of these disconnected methods can be consolidated into a single, mobile MFA experience that spans all touchpoints.
Unified authentication allows users to employ a single, consistent MFA experience to virtually any type and any number of applications: Web sites, desktop software, mobile apps, kiosks, game consoles, sensors, smart devices, etc. Offering a broad choice of authentication methods within a unified platform provides the level of assurance organizations need for any given use case.
By unifying the authentication process, companies will also improve the user experience. As per one example cited in the book, when a consumer logs into her bank’s website, a mobile app on her smartphone buzzes. She uses the mobile app to authenticate into the web session. Instead of answering questions to verify her identity to a customer service representative in the contact center, the user responds in real time to an authorization request sent to her mobile phone.
To get cash out of an ATM, the consumer places her smartphone on a pad and uses the mobile banking app to authenticate and execute the request. The pad uses wireless communication to receive the information from the app. When logging into the mobile banking app to check her account balance, the user is immediately authenticated within the app.
Given the rise in mobile access, unified authentication needs to be supported in the mobile environment. As the book points out, online activity is no longer limited to desktop computers. The need for authentication and authorization can arise anywhere, at any time.
A mobile authenticator enables users to authenticate from anywhere at any time via a mobile device such as a smartphone. Through the authenticator, users have access to a variety of client-side authentication factors that can be used for any communication channel.
For authentication to be available anytime and anywhere, however, services must be able to request the authentication of a user even if the user doesn’t initiate the authorization. A next-generation MFA service can reach out to a user to obtain authorization in real time, even when the user isn’t expecting the request or initiating an authentication event. The mobile authenticator can receive requests from applications through real-time push notification.
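The real-time authorization exchange described above, and the web, ATM and contact-center cases from the earlier examples, can be sketched as a small service-side and authenticator-side pair. This is an added illustration, not code from the book or from any iovation product, and it assumes a design the text does not spell out: each enrolled device shares an HMAC secret with the service, every pushed request carries an unpredictable single-use challenge id, a short expiry and the exact action the user is shown, and the device signs the challenge together with its approve/deny decision. The names (`AuthorizationService`, `MobileAuthenticator`, "alice", "phone-1") and the enrollment secret are constructed for the example.

```python
import hashlib
import hmac
import json
import secrets
import time


def sign(device_secret, challenge, approved):
    """HMAC over the whole challenge plus the decision, keyed by the enrolled device secret."""
    payload = json.dumps({"challenge": challenge, "approved": approved}, sort_keys=True)
    return hmac.new(device_secret, payload.encode(), hashlib.sha256).hexdigest()


class AuthorizationService:
    """Service side: pushes challenges to the authenticator and verifies signed decisions."""

    def __init__(self, ttl_seconds=60):
        self.device_secrets = {}   # (user, device_id) -> secret set at enrollment
        self.pending = {}          # challenge_id -> outstanding challenge
        self.ttl = ttl_seconds

    def enroll_device(self, user, device_id, secret):
        self.device_secrets[(user, device_id)] = secret

    def request_authorization(self, user, device_id, channel, action, now=None):
        """Build the message pushed to the device for one specific action on one channel."""
        now = time.time() if now is None else now
        challenge = {
            "challenge_id": secrets.token_hex(16),   # unpredictable and single-use
            "user": user,
            "device_id": device_id,
            "channel": channel,                      # web, atm, contact-center, ...
            "action": action,                        # exactly what the user is shown
            "expires_at": now + self.ttl,
        }
        self.pending[challenge["challenge_id"]] = challenge
        return challenge

    def verify_response(self, response, now=None):
        now = time.time() if now is None else now
        if not response:
            return "no_response"
        # pop() makes each challenge single-use: answering it twice is rejected
        challenge = self.pending.pop(response.get("challenge_id"), None)
        if challenge is None:
            return "unknown_or_reused"
        if now > challenge["expires_at"]:
            return "expired"
        secret = self.device_secrets.get((challenge["user"], challenge["device_id"]))
        if secret is None:
            return "unenrolled_device"
        approved = bool(response.get("approved"))
        expected = sign(secret, challenge, approved)
        if not hmac.compare_digest(expected, response.get("signature", "")):
            return "bad_signature"
        return "approved" if approved else "denied"


class MobileAuthenticator:
    """Device side: shows the pushed request to the user and signs the decision."""

    def __init__(self, device_id, secret):
        self.device_id = device_id
        self.secret = secret

    def receive_push(self, challenge, user_decision):
        if challenge["device_id"] != self.device_id:
            return None                              # not addressed to this device
        approved = bool(user_decision(challenge))    # user sees channel and action
        return {"challenge_id": challenge["challenge_id"], "approved": approved,
                "signature": sign(self.secret, challenge, approved)}


def demo():
    """Walk through the web, ATM and contact-center cases with constructed data."""
    svc = AuthorizationService(ttl_seconds=60)
    secret = b"constructed-enrollment-secret"        # generated at enrollment in practice
    svc.enroll_device("alice", "phone-1", secret)
    phone = MobileAuthenticator("phone-1", secret)
    results = {}

    # Web session: the phone buzzes, the user approves, the session is authenticated.
    ch = svc.request_authorization("alice", "phone-1", "web", "login")
    resp = phone.receive_push(ch, lambda c: True)
    results["web_login"] = svc.verify_response(resp)
    results["replayed"] = svc.verify_response(resp)  # the same answer presented again

    # ATM: the user declines an amount they did not request; flipping the decision
    # in transit fails because the decision itself is covered by the signature.
    ch = svc.request_authorization("alice", "phone-1", "atm", "withdraw 200 USD")
    resp = phone.receive_push(ch, lambda c: c["action"] == "withdraw 50 USD")
    results["atm_flipped"] = svc.verify_response(dict(resp, approved=True))

    # Contact center: an answer that arrives after the time limit is refused.
    ch = svc.request_authorization("alice", "phone-1", "contact-center",
                                   "verify caller", now=1000.0)
    resp = phone.receive_push(ch, lambda c: True)
    results["late_answer"] = svc.verify_response(resp, now=1061.0)
    return results


if __name__ == "__main__":
    print(demo())
```

The design choice worth noting is that the device signs the challenge content, not just its id: the channel and action the user saw are bound to the approval, so a consent given for one request cannot be attached to another, and the service's single-use and expiry checks keep an approval from being presented twice or long after the user acted.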