{"id":6826,"date":"2020-08-12T18:12:48","date_gmt":"2020-08-12T15:12:48","guid":{"rendered":"https:\/\/www.protectimus.com\/blog\/?p=6826"},"modified":"2025-08-11T22:28:38","modified_gmt":"2025-08-11T19:28:38","slug":"mfa-myths","status":"publish","type":"post","link":"https:\/\/www.protectimus.com\/blog\/mfa-myths\/","title":{"rendered":"6 MFA Myths You Still Believe"},"content":{"rendered":"\n

MFA or multi-factor authentication by definition is a technology that limits access to a user account unless the user presents two or more pieces of evidence that prove that they are who they claim to be, moreover, the evidence must be of different natures: something they know, something they have or something they are. Overall, the process is regarded as helpful, as it is a solution to many security threats including phishing<\/a>, brute force<\/a>, keyloggers<\/a>, some cases of social engineering<\/a> and MITM attacks<\/a>. However, some persistent MFA myths make companies hesitant to use it, and we\u2019re ready to debunk some of the most common ones.<\/p>\n\n\n\n

1. Only large companies benefit from using MFA<\/strong><\/h2>\n\n\n\n

This misconception doesn\u2019t make sense if you think about it. The size of the company should have nothing to do with the security measures it employs. Even small companies can acquire sensitive information that should be subject to comprehensive control and security.<\/p>\n\n\n\n

Furthermore, a company doesn\u2019t need to have a huge staff to implement multifactorial identification. There are two-factor authentication examples that are easy and cheap to carry out, monitor, and maintain. While the downsides of not using MFA authentication can be even more devastating for a small company, a security breach can result in a massive loss of reputation and trust.<\/p>\n\n\n\n

<\/p>\n\n\n

\n
\"43%<\/figure><\/div>\n\n\n

<\/p>\n\n\n\n

<\/p>\n\n\n\n

2. MFA should only be required from privileged users<\/strong><\/h2>\n\n\n\n

The idea behind this myth is that only privileged users have access to sensitive data, so they are the only ones that should be required to go through multi-factor authentication. However, this assumption is often wrong as, for example, every company employee has access to some confidential data.<\/p>\n\n\n\n

A harmful side of this myth is that cybercriminals often use it to their advantage. They target non-privileged users with phishing techniques<\/a> or other hacking methods. Then they can use the access gained to move around the corporate network and access private or valuable data with ease.<\/p>\n\n\n\n

| Read also:<\/span> Remote Work: How to Transition Team to Working From Home During the COVID-19 Pandemic<\/a><\/p>\n\n\n\n

<\/p>\n\n\n\n

3. It is expensive to enable 2FA<\/strong><\/h2>\n\n\n\n

This myth stems from the earlier days of 2-step verification when each hardware token cost was around $100, so while it was secure, it wasn\u2019t cheap. Furthermore, they could be lost, rendering the process harder and even more expensive.<\/p>\n\n\n\n

Nowadays, the price for hardware tokens Protectimus Two<\/a> starts from USD 11,99 and goes down if the amount of order starts from 50 pieces. Moreover, there are much easier and cheaper ways of distributing one-time passwords. For example, it can be done for free through a dedicated authentication app<\/a> or a chatbot<\/a> in Telegram, Viber, or Facebook. Another thing to consider when calculating the price of MFA is how much you would lose without it in the case of a data breach.<\/p>\n\n\n\n

<\/p>\n\n\n

\n
\"How<\/figure><\/div>\n\n\n

<\/p>\n\n\n\n

<\/p>\n\n\n\n

4. Two-factor authentication ruins the user experience<\/strong><\/h2>\n\n\n\n

Most companies work hard and spend a lot of money to make the user experience as smooth as possible. This is why it might seem annoying to them that just for the sake of implementation of multi-factor authentication solutions users would need to perform an extra task entering a one-time password. While this is true, two-step authentication is becoming more and more common, and users often expect to perform this extra step. Furthermore, you should remember that technology improves the user experience in terms of ensuring their data protection.<\/p>\n\n\n\n

For example, one of the best solutions to this problem is intelligent identification. Often called user environment analysis or adaptive authentication, this technology improves the user experience by analyzing the browser version, operating system, and its parameters, window size, presence of certain plugins, and other parameters to identify the user. The two-factor authentication system requests one-time passwords only if the identification by these parameters is not successful. Protectimus MFA service offers adaptive authentication among its features<\/a>.<\/p>\n\n\n\n

| Read also:<\/span> The Evolution of Two-Step Authentication<\/a><\/p>\n\n\n\n

<\/p>\n\n\n\n

5. Multi-factor authentication is challenging to implement<\/strong><\/h2>\n\n\n\n

As it is the case with any security measures, even the best MFA programs come with some implementation challenges. However, as technology continues to improve and develop, the implementation process becomes much easier.<\/p>\n\n\n\n

For example, Protectimus provides a wide lineup of plugins that allow quick integration with just a few clicks. Among such plugins are those for Windows Logon and Microsoft RDP<\/a>, OWA<\/a>, ADFS<\/a>, and Active Directory directly<\/a>, RADIUS<\/a>, Citrix NetScaler (ADC) and XenApp<\/a>, RoundCube<\/a>. The two-factor authentication service is available in-cloud and on-premises.<\/p>\n\n\n\n

\n