Scaling Multi-Factor Authentication Across Your Organization

As an organization that has implemented multi-factor authentication (MFA), you’re part of a growing trend in the financial industry. In some cases, that trend has matured into a mandate. Also known as two-factor authentication or 2FA, such entities as the European Banking Authority, the international financial network SWIFT and the Monetary Authority of Singapore already require MFA.

Managing MFA in Financial Services

Several trends have contributed to the need for MFA within financial services organizations. Many consumers are now required to go through a multi-step verification process for online banking, payments and trading. Data breaches damage a brand; add in the fact that an organization didn't require MFA internally when it requires MFA of consumers and the brand damage may be irreparable. Also data breaches and online credit card payment fraud continue to be a growing problem, with the latter costing the EU €794 million in 2012.

Technologies such as Intel® Authenticate—available on devices with 8th Gen Intel® vPro™ Technology—simplify MFA scaling across your company. It gives IT the flexibility to create and deploy custom MFA policies that enforce user identity protection. The IT administrator can mix and match identification factors for different users and provide varying levels of access across the corporate domain, network, VPN and more. Intel Authenticate provides a simple self-service enrollment tool for end users to quickly get started, eliminating calls to IT.

Enabling True "Hardware" Authentication

Lenovo recommends using MFA grounded in hardware. This MFA type is much harder for hackers and malicious code to snoop and capture password data because it's located deep in the silicon, isolated from the OS and applications.

There are several ways to authenticate users and ensure that the credentials are stored at the hardware level, and you can use Intel Authenticate to set up different combinations of the following:

  • Facial Recognition: Infrared (IR) cameras are more secure than regular cameras for facial recognition. In addition, ThinkPad Glance utilizes face-, eye- and gaze-tracking to automatically lock a device if the user is not present.
  • Fingerprints: Lenovo Match on Chip Fingerprint Reader (MoC FPR) stores biometric credentials on a separate chip, making it almost impossible to hack.
  • PIN: Short PIN codes can be used alongside other authentication factors as part of an MFA solution.
  • Consider the following as supplementary MFA factors:
    • Phone Proximity: Users can pair their smartphone with their PC via Bluetooth and securely use the proximity of their phone as an authentication factor.
    • Location: Use location-based services to determine if a user is in an expected location like their office.
Scaling Multi-Factor Authentication Across Your Organization

Up to 50% of all help desk calls are for password resets, which cost an average of $70 per incident.


  • Lenovo's Match on Chip Fingerprint Reader, available on many ThinkPads, stores biometric credentials on a separate chip, making it harder for malicious code to capture authentication data.
  • Intel® Authenticate - available on some Lenovo devices - simplifies MFA scaling by enabling IT to mix and match identification factors for different users.
  • Some Lenovo devices support Facial Recognition technology. In addition, ThinkPad Glance utilizes face and eye-tracking to automatically lock and unlock a device based on the presence of the user.