AFGE Automates MFA Challenges With Help From Twosense
1. Introduction
Overview
The American Federation of Government Employees (AFGE) is the largest federal employee union and represents 700,000 federal and D.C. government workers nationwide and overseas. With full IT responsibility for over 300,000 members and 400+ employees, keeping private information secure is essential. As early adopters of two-factor authentication, AFGE implemented 2FA everywhere from desktops to SaaS applications. However, adopting that 2FA policy brought challenges, and AFGE realized that the number of prompts carries a real financial and productivity cost. Taylor Higley, Director of Information Services, decided that it was in the organization’s best interest to begin looking for a more agile and scalable IT infrastructure to best serve its users.
With the specific goal of finding a smarter way to implement identity security, AFGE began discussing how continuous authentication would solve their problem. Intrigued by Twosense’s passive biometric approach to identity automation, AFGE reached out after seeing Twosense on the Okta Integration Network (OIN). Higley said, “Twosense stepped in at just the right time with everyone working remotely and was able to help AFGE implement more secure multi-factor authentication policies without sacrificing the user experience.”
The Story of AFGE
When it came to identity, AFGE originally had a traditional on-premises infrastructure. Password-reset requests, one of their top 10 issues, became a real headache for IT and employees who were routinely locked out for at least 20 minutes at a time. As a result of highly frustrating and complex identity security issues, AFGE began the transition from Microsoft Active Directory Federation Services (AD FS) to Okta. What differentiated Okta was the ability to contact support and get quality help when needed. Okta provided AFGE with an on-demand identity and access management service. However, even after implementing Okta, MFA difficulties remained.
2. Problem
The Better Way to Engage MFA
Before implementing Twosense, AFGE already had strict multifactor policies in place. Users were prompted to complete a multifactor challenge each time they stepped away from their workstation, which could be ten times a day. Every Okta-protected application also required a multifactor check.
To address employee frustrations with repeated MFA challenges, Twosense was implemented as a layer between AFGE’s existing SSO and MFA solutions. By using machine learning to drive passive biometrics, Twosense was able to automate MFA challenges and guarantee each user's identity continuously throughout the day. This continuous authentication process responded to 78% of MFA challenges across AFGE’s entire user base, resulting in significantly fewer interruptions throughout the day and increased productivity.
When asked about the result of implementation, Higley said, “People are getting significantly fewer prompts.” While he can monitor the number of MFA challenges automated and time saved in the Twosense dashboard, he hasn’t needed to communicate them beyond the IT department. Everyone has noticed a change, from employees to the board. “We have a subcommittee for IT, which is a subset of the board, and every member can draw from their own experience with the software. They know they are experiencing a lot fewer MFA challenges, and that’s incredibly valuable.”
3. Solution
Why AFGE Chose Twosense
AFGE wanted a solution that would easily slot into their pre-existing SSO and MFA security infrastructure, and ease MFA pain without any reduction in security posture. Twosense software is part of the OIN and designed to work with Okta, making it easy to implement same day. AFGE only needed to deploy the Twosense Chrome extension to managed devices via group policy to start seeing results. The entire process took less than 30 minutes.
Once deployed, the Twosense browser extension continuously monitored AFGE users’ behavior such as keystrokes and mouse movement and synchronized with the cloud to continuously update each user’s trust score. Each time a user attempted to access an SSO-protected application, Okta requested verification from Twosense. If the user was verified, Okta granted access. Otherwise, Okta fell back to the default MFA settings before granting access. “Twosense worked with us closely to ensure that we could get to where we wanted to be and that was a very positive experience,” Higley said.
4. Results
The Twosense Effect
The decision to implement Twosense software into AFGE’s security practice resulted in improved productivity due to a decrease in interruptions. According to internal data, AFGE began to quickly see the impact of the Twosense software:
- 78% of MFA challenges across the entire organization have been automated
- 10,740 total authentication challenges were automated each month
- 2,685 minutes (45 hours) were saved each month
- 28% of 1 FTE in increased productivity each month
- 72,796 authentication challenges were automated in the past year
- 18,172 minutes (303 hours) were saved in the past year
Device-free MFA led to fewer helpdesk tickets and allowed the IT department to focus its efforts on other important projects while reducing costs. Strict MFA policies also helped to prevent threats of spear phishing, account takeovers, and malicious remote access.
When asked about how Twosense software has helped AFGE manage the transition to working remotely, Higley said, “Twosense software has been especially helpful for the roughly 200 people that were working on-site who rarely if ever got the Okta MFA prompt. Now, all of a sudden while working remotely they were getting them while working from home or when using a new browser. Twosense was able to ease some of that pain.”
“MFA is something everyone loves to hate, but it’s necessary and people get it,” he said. “With Twosense we are able to make that necessary evil a little less evil.”
5. Conclusion
Better Security & Better Experience
Recent reports from the FBI show that since March of 2020, cyberattacks have increased by 300%, with the average business cost of a cyberattack sitting at roughly $3.86 million. 55% of enterprises now use MFA, and that number continues to rise yearly. However, implementing MFA with relaxed security policies does not provide the security most CISOs and IT Managers know they need. Twosense provides both better security and a better user experience. To schedule your demo and try the product for free please visit Twosense.ai.