Every Okta SSO instance lets you decide directly how many factors to challenge a user with, and how long the response to that challenge stays valid. While a strong 2-factor or multi-factor authentication configuration is required for a more secure and hacker-proof organization, it often leads to another big problem: a poor user experience. As a result, most MFA policies have been scaled back as a compromise between security and convenience.
MFA once a day is not enough: employees should prove their identity each time they access a protected resource.
Employees are often the easiest points of attack for hackers to gain access to your systems. Login credentials are a major focus for external attackers. According to Gartner, 82% of attacks start with compromised user identities, so it makes sense to increase security on that front. However, when you increase authentication requirements for employees, it also makes their jobs and lives harder due to an increase in MFA interruptions.
Not only do they lose time having to prove their identity, but the distraction of having to switch focus to authentication pulls them out of their flow state. This leads to a dramatic reduction in employee productivity and satisfaction, an increase in workplace frustration, and in extreme cases a measurable increase in employee churn. Repeated authentication challenges also increase the risk of human error, leading to increased IT help desk tickets from locked accounts and authentication issues.
Most organizations are aware of this potential friction and implement workarounds like disabling MFA on trusted devices, setting long session lengths, or enabling MFA only for high-risk applications to reduce interruptions for their employees. As a direct result, attack vectors such as social engineering, spear-phishing, wardriving, device compromise, session hijacking, and lateral movement from compromised non-MFA’d systems resurface, requiring even further investment in processes and tools to bridge these gaps.
This is where Twosense comes in: developed in partnership with the U.S. Department of Defense, our software increases identity security while reducing user friction through continuous biometric authentication. As part of the Okta Integration Network (OIN), Twosense easily integrates with your Okta SSO, adding a layer of continuous authentication to your existing SSO and MFA capabilities. Twosense creates a true zero-friction user experience where MFA challenges interrupt users only when Twosense cannot biometrically verify that the person at the device is the authorized user. This allows your IT team to focus on what’s truly important and makes your users happier and more productive.
Track MFA automation across your organization and see how much time was saved and how much frustration was avoided.
The Okta admin can deploy MFA on every app, all the time, while simultaneously reducing user friction. Twosense provides better security with a better experience in under 30 minutes.
If you would like to see it in real time, set up a demo today!