Every OneLogin single sign-on instance allows you to directly decide how many factors to challenge users with, and how long the response to that challenge is valid. While a strong 2-factor or multi-factor authorization configuration is required for a more secure and breach-proof organization, it often leads to another fundamental problem: a poor user experience. As a result, most multi-factor authentication policies have been dialed back as a compromise between security and ease of use.
Employees are often the easiest points of attack for hackers to gain access to your systems. Login credentials are a major focus for external attackers. According to Gartner, 82% of attacks start with compromised user identities, so increasing organizational security on that front is a logical step. However, when you increase authentication requirements for employees, it also increases the interruptions they experience throughout the day as a result of those requirements.
Not only do they lose time having to prove their identity, but the distraction of having to switch focus to authentication pulls them out of their flow state. This leads to a significant decrease in employee productivity and satisfaction, an increase in workplace frustration, and in extreme cases a measurable increase in employee turnover. Repeated authentication challenges also increase the risk of human error, leading to increased IT helpdesk tickets from locked accounts and authentication issues.
Most organizations are aware of this potential friction and implement workarounds like disabling MFA on trusted devices, setting long session lengths, or enabling MFA only for high-risk applications to reduce interruptions for their employees. As a direct result, attack vectors such as social engineering, spear-phishing, wardriving, device compromise, session hijacking, and lateral movement from compromised non-MFA’d systems resurface, needing even further investment in processes and tools to bridge these gaps.
Twosense was developed in partnership with the U.S. Department of Defense to increase identity security while reducing user friction through continuous biometric authentication. It easily integrates with your OneLogin SSO, adding a layer of continuous authentication to your existing SSO and MFA capabilities. Twosense creates a true zero-friction user experience where MFA challenges only interrupt users when Twosense cannot biometrically identify an unauthorized user. This allows your IT team to focus on what’s truly important and makes your users happier and more productive.
The OneLogin admin can deploy MFA everywhere, on every app, all the time, while simultaneously reducing user friction. Twosense provides better security with a better experience in under 30 minutes.
If you would like to see it in real-time, set up a demo today!