As we’ve mentioned in the past, phones aren’t allowed in contact centers and hard tokens are too difficult to manage for high-turnover workforces. Biometrics have often been presented as the only remaining choice for multi-factor authentication.
Let’s pretend for a moment that PCI allowed for mobile phones at desks, and that a workforce would stick around long enough for hard tokens to be worth the effort. Even if all that were true, behavioral biometrics would still be the best option for contact centers.
No Excuses
When a phone is required for MFA, what does a user do when they lose their phone? What if they got a new phone and traded in the previous one, or their phone is broken? Each of these scenarios results in a helpdesk ticket. That not only wastes an extreme amount of the agent’s valuable time but also results in increased IT costs staffing the helpdesk. All this assumes that the agent has a smartphone and reliable cell service, which isn’t always a safe bet.
The same is true of hard tokens. Users have a tendency to jam them into wallets, which stresses the materials and eventually ends with a broken device. They also lose the tokens frequently because they tend to be small and lightweight. Much like a lost phone, this requires a help desk ticket to sort out, in addition to the cost and labor associated with issuing the user a new hard token.
Twosense behavioral biometric MFA doesn’t require hardware of any sort. Nobody needs to beg users to install a mobile app on their personal phone or send reminder emails that users need to enroll through a portal. Once the Twosense agent is installed on each user’s machine, no further action is required.
Wasted Time
Whether you use hard tokens or mobile apps, each multifactor challenge takes at least 15 seconds to complete. If a user’s time on a call is worth a dollar a minute, that means that each MFA challenge has wasted 25 cents. At a minimum (MFA once a day) this wastes $5 per month per user, but many organizations require identity verification much more than once a day.
Most security teams would prefer to check a user’s identity each time they step away from their computer or access a critical application, but have removed those security controls in the interest of keeping agents productive. Implementing frictionless MFA that doesn’t require any of the user’s time allows IT departments the flexibility to increase their security posture without worrying about user productivity.
User-proof Software
No matter how well-designed software is, user error is inevitable and IT departments spend countless hours training employees to try to avoid it. With multifactor authentication, in particular, user error can be extraordinarily dangerous. If a user accidentally rejects a push notification, they just wasted an additional 30 seconds and are starting their workday frustrated. If a user mistakenly accepts an access request by a malicious actor, the attacker can register their device for future MFA challenges, resulting in permanent access to an organization’s network.
Beyond user error, social engineering and phishing attacks are increasingly common. Behavioral Biometric MFA is unphishable and eliminates user error. If a user can be tricked into either giving their one-time password over the phone or accepting a push notification, the organization is compromised.
Twosense MFA is completely unphishable and does not require any training. Users don’t need to modify their behavior at all - they just continue working uninterrupted.
Continuous MFA
Imagine the security posture an organization would have if they MFA challenged every user once a minute. Setting aside the incredible frustration users would experience, the ability to guarantee a user’s identity at all times would be priceless for a security team.
This is the benefit offered by continuous MFA - Twosense continuously monitors a user’s behavior and can react within one minute of a change of control. Compare this with recent breaches where hackers had months of network access to plan an attack.
Rolling out Twosense Continuous MFA provides the benefits of both products - an end to MFA interruptions, increased security on OS and web app logins, and immediate response to any unauthorized access as a result of malicious actors or credential sharing.