To achieve security, enterprises work with IAM systems that deploy multi-factor authentication (MFA) or simply two-factor auhtnetication (2FA). MFA allows businesses to verify their employees’ identities when they login to corporate apps.
While MFA is key to security, companies should avoid using methods that require employees to use their phones.
Below, we focus on why phone-based MFA is burdensome and costly for companies and employees. And we highlight typing biometrics as a seamless and privacy-focused alternative for workforce authentication that doesn’t require using personal phones to work.
Why is workforce MFA the new normal?
With increased cybersecurity threats and more people working remotely, enterprises rely on identity and access management (IAM) providers to secure their workforce access to corporate data and apps.
IAM providers, such as Ping Identity, Okta, ForgeRock, Microsoft, or WSO2, offer services that enforce security within a company’s network and include solutions for employee authentication and network access control. IAM providers help companies develop robust security flows that don’t affect employees’ productivity.
To keep data safe, enterprises use MFA to verify the identity of users attempting to log into the corporate network. And although most MFA/2FA methods increase security and help companies protect their networks, some are better at doing the job than others.
Before we explore why behavioral biometrics authentication is the better choice, let’s find out why phone-based authentication methods are becoming a thing of the past.
Why using personal phones for MFA/2FA is a thing of the past?
Let’s say that employee Jane is trying to log in to the corporate network to access the data she needs to do her job. To start her MFA/2FA authentication process, most IAM systems would have Jane enter her username and password (her credentials). To finalize, Jane would have to input an SMS one-time passcode sent to her phone.
The same example works for most of the traditional phone-based MFA/2FA methods. Companies that don’t use SMS OTP, like in Jane’s case, still require employees to carry around tokens or use their cell phones for authentication methods, such as:
- TOTP apps (such as Google Authenticator, or Microsoft Authenticator)
- Voice calls,
- Push notifications.
Phone-based authentication is burdensome and costly for the employee and the employer. Privacy concerns come from many employees who disagree with being required to use their phones for work. For employers, the costs associated with phone-based authentication and employee concerns and negative feedback can be challenging.
While an organization can’t legally force employees to use their cell phones for work, the same organization might be liable to pay any additional fees incurred by employees when performing MFA/2FA for work purposes. In other words, it’s wrong to ask employees to use personal phones for work. And this applies to MFA/2FA as well.
Behavioral biometrics: MFA/2FA methods that don’t require a phone
Most popular behavioral biometrics are typing biometrics and voice recognition. However, not all behavioral biometrics work without a phone.
For example, voice recognition most commonly works by calling on the user’s personal phone, and if performed through a computer, needs the user to give browser permission for the Microphone to be used by the login app.
On the other hand, typing biometrics technology works with only a keyboard and doesn’t require phones. Typing biometrics is a form of behavioral biometrics that analyzes a user’s typing patterns to authenticate them. Typing biometrics is an excellent fit for MFA/2FA because it works on any keyboard.
MFA/2FA with typing biometrics explained
For workforce authentication, MFA with typing biometrics occurs behind the scenes when employees type a 4-word phrase through the IAM login portal. The technology looks at how the user types. By analyzing a user’s unique typing patterns, typing biometrics can learn that user’s typing behavior and authenticate them seamlessly anytime they type.
So, let’s go back to Jane from our previous example. If your company’s IAM system uses TypingDNA typing biometrics as MFA/2FA authentication method, whenever Jane wants to access corporate resources, she simply has to type a 4-word phrase to be securely authenticated.
The 4-word 2FA works like this: Firstly, Jane either types her username and password or uses a password manager to log in, as she usually would. Then, a 2FA pop-up appears, asking her to type 4 words or a short phrase. In this case, TypingDNA authenticated Jane based on how she typed the words “hospital shampoo teapot rainbow”.
Benefits of typing biometrics for workforce authentication
Because of its ability to passively authenticate users while they type, typing biometrics is a good fit for workforce authentication, and it:
✅ Works with the existing keyboard
✅ Reduces the need for personal phones
✅ Allows users to enroll quickly
Ready to improve your workforce MFA/2FA experience with typing biometrics?
TypingDNA offers this technology in the form of an OIDC integration for major IAM platforms, (or for some platforms as a custom integration).
To learn more and get a quote for our TypingDNA Verify 2FA (OIDC version), available for Okta, Ping Identity, ForgeRock, Keycloak, and more contact us.
