Implement MFA on Your Custom Apps and Websites, Then Brag about It (While You Still Can!)
TL;DR: Multi-Factor Authentication (MFA) is going mainstream(!). U2F keys (a.k.a., hardware tokens) are standing out as a great option for your customers. Add U2F support to your website while you can still brag about it.... Plus, it's quick and easy!
Multi-Factor Authentication (MFA) is becoming mainstream. Until recently, MFA was only used to access corporate resources. With the uptick in stolen credentials, people are starting to rely on MFA in their personal lives to protect their personal accounts.
The signs of a change
As part of my job, I track and read news and information about identity security every day. In the last few months, I've been seeing an increase in news about MFA on consumer sites. Examples include tutorials on how to use MFA on personal accounts, and the EPIC Games give away. When Epic started giving a free Boogiedown Emote to accounts with MFA enabled on Fortnite, MFA became even more popular.
People are also getting educated on the strength of MFA due to consumer-focused sites pointing out their virtues:
- Dashlane recently published a 2FA power ranking in which they examined the login options offered by 34 consumer websites. Whereas SMS, email authentication, and software tokens earned 1 point each, hardware tokens were granted 3 (allowing for a maximum score of 5).
Dashlane's 2FA Power Rankings
- Lifehacker recently posted tutorials on how to set up U2F tokens on a personal computer.
The increased support and consumer-focused content about MFA on consumer websites indicates a clear sign of change. It also implies that consumers are learning to adopt new forms of security in their personal lives.
Implement MFA, then brag about it (while you still can!)
The world is not getting any safer and it's just a matter of time until MFA becomes table stakes for basic customer security. This is already the reality for financial institutions, and on many consumer apps and websites like Fortnite and Twitter.
So, don’t be reactive—implement MFA in your apps as soon as possible. To streamline your implementation, here are a few tips:
- Do not attempt to build authentication and MFA by yourself. Building login and MFA is challenging, time-consuming, and risky (you may inadvertently build a vulnerable implementation).
- Use a cloud solution for your login and MFA. This allows your developers to focus on building the best user experience, while you control the application identities and access management—all from a single location.
- Enable multiple MFA factors to delight your customers. Okta supports 10+ factors out of the box. You can use these factors to implement different experiences based on the user budget and security posture.
- Enable hardware tokens (like FIDO U2F keys), then take it social. Hardware tokens are trending up. People recognize this option as a secure and seamless way to log into websites and apps. By offering this solution, you provide a top-notch security experience during login, just like Facebook, Google, and Twitter. So, enable your website with U2F, then go social with it. Brag about it while you still can—especially if your competitors are still oblivious to this trend.
Use Okta
To wrap up, when implementing login and MFA on your custom app or website, use Okta. Okta provides authentication and MFA to your apps in the cloud using SDKs and widgets on 10+ programming languages and frameworks. With Okta, you can manage identity, add users, and configure the login page to suit your needs.
To learn more about how to implement Okta on custom apps and to get a free account, check out the Okta Developer site.