Phish-Proof Multi-Factor Authentication with Akamai MFA
Today, Akamai announced a phish-proof multi-factor authentication (MFA) service -- Akamai MFA -- for the workforce that delivers all of the security benefits of FIDO2 with the frictionless end-user experience of a mobile push on a smartphone. Why has Akamai introduced this new service?
When an employee logs in to access an application or service, there needs to be absolute certainty that it's the employee and not an attacker. After all, trusting and authenticating a doppelganger defeats one of the basic principles of Zero Trust, a network security model based on strict identity verification.
MFA adds an additional layer of login authorization to increase that certainty. As the name suggests, it uses another factor, such as a text message or one-time password (OTP), alongside a username and password. Since only the appropriate employee can theoretically receive that second factor request, in the event that an attacker obtains an employee's login credentials, the MFA should block an illegitimate access request.
There's no doubt that MFA can be highly effective in reducing the risk of account takeover. However, it's now become apparent that MFA can be bypassed and, as seen in recent high-profile attack on Twitter, it may provide little more than a security speed bump. My recent Akamai blog explains how it's possible to bypass MFA.
So, that's why we introduced Akamai MFA -- to help organizations reduce the risk of employee account takeover and underpin one of the core principles of Zero Trust: never trust and always verify.
FIDO2 is a set of industry standards that provides the highest levels of MFA security. It consists of two key components -- the WebAuthn specification, which was developed by W3C, and the Client to Authenticator Protocol (CTAP) specification, which was developed by the FIDO Alliance. Combined, these two specifications create cryptographic login credentials that are unique across every website, never leave the user's device, and are not stored on a server.
To get FIDO2-based MFA today, an organization needs to first deploy an MFA service and then buy, distribute, and manage hardware security keys, which significantly increases costs and operational complexities. Another challenge of physical security keys is that the end-user experience is less than ideal -- people lose or forget their keys, meaning additional calls to the IT help desk.
Akamai MFA delivers all of the benefits of FIDO2-based MFA, but without the costs and complexities of physical security keys, and delivers a delightful and frictionless end-user experience through a smartphone application.
Most importantly, however, Akamai's phish-proof push is designed to remove the risk of fraudulent push notifications being received by an employee, thus eliminating any human decision-making from the authentication process. When an employee receives the secure push notification from Akamai MFA, they can be absolutely certain it's genuine when they click to accept.
Akamai MFA is a new MFA service for your workforce, featuring an innovative, phish-proof push authentication factor. Akamai MFA integrates with market-leading Identity Provider (IDP) solutions, including Akamai's own Enterprise Application Access, to allow customers to maximize security for single sign-on use cases. To deliver MFA to Secure Shell and Remote Desktop Protocol (RDP) workflows, Akamai MFA can also be integrated with UNIX and Windows RDP servers. Built on the global Akamai Edge platform, Akamai MFA delivers the scale and reliability you need to protect your employees anywhere at any time.
To learn more about Akamai MFA and to find out if it can help you transform your MFA strategy, head to akamai.com/mfa where you can sign up for a free 60-day evaluation of the service.