Your IT Consultant
Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.
Ten MFA Excuses and How to Defeat Them
May 3, 2022
I’ll say it again. Implementing MFA (multi-factor authentication) is the easiest and smartest thing you can do to protect your information and technology access. We’ve heard all kinds of excuses as to why users push back on MFA. CSO has a post listing the top 10 MFA excuses and how security professionals deal with them.
- My password is strong enough
- I don’t want to provide my personal smartphone number for my MFA sign-in
- My personal phone number will be used for marketing or sold to third parties
- MFA is too new and unproven
- Our IT team is already overloaded with addressing higher-priority issues
- It’s too much of a hassle to set up MFA
- The MFA solution does not support our legacy applications
- The risk is not high enough for the investment in MFA
- I don’t know enough about what MFA is to feel comfortable using it
- I don’t need more security, I don’t have anything worth stealing
CSO does a good job in explaining why the arguments are pretty weak. There are ways to make MFA less of an access burden. The slight inconvenience (if there is any) is well worth it. At the end of the day, you may not have a choice. More and more vendors are requiring MFA for users’ accounts. Besides that, your cyber insurance carrier may require that you implement MFA or risk a significant increase in your premium or even cancellation of your coverage.