With so many devices being utilized in the education industry—smartphones, laptops, workstations and tablets - protecting them only with passwords exposes student and staff data to greater risk than ever before. Verizon’s “2017 Data Breach Investigations Report” revealed that 81% of hacking-related breaches involved stolen or weak passwords. Users experience “password rage” when they either forget a password or have a password request interrupt their workflow. But as security concerns rise, the more users are frustrated by having to use increasingly complex passwords.
Why Multi-Factor Authentication
The next level in device and identity protection is multi-factor authentication (MFA). MFA requires two or more layers of authentication, none of which need to be passwords. It can include any combination of PIN number, password, proximity of a phone, location or a biometric factor such as fingerprint or facial recognition.
Devices with integrated MFA features protect data and identities while improving the user experience for students and staff. By passively authenticating users, you are making your organization much more secure, and reducing reliance on complex passwords.
How to Implement MFA
Be careful about using authentication solutions that are not hardware based. Many fingerprint readers or cameras you find in end user devices store the biometric data at the software layer in the OS, leaving them vulnerable to hacking.
With MFA grounded in hardware, it is much harder for malicious code to exploit for password data theft because its located deep in the silicon, isolated from the OS and applications.
MFA Features to Consider
Look for devices with Intel® vPro™ Technology, which includes Intel® Authenticate; this not only helps to enable hardware-level protection, but makes it easier for IT to mix and match identification factors such as the following:
- Facial Recognition: Infrared (IR) cameras are more secure than regular cameras. In addition, ThinkPad Glance utilizes face, eye- and gaze-tracking to automatically lock a device if the user is not present.
- Fingerprints: Lenovo Match on Chip Fingerprint Reader (MoC FPR) stores biometric credentials on a separate chip, making it almost impossible to hack.
- PIN: Short numeric codes can be used alongside other authentication factors as part of an MFA solution.
- Consider the following as supplementary MFA factors:
- Phone Proximity: Users can pair their smartphone with their PC via Bluetooth and use the proximity of their phone as a secure authentication factor.
- Location: Use location-based services to determine if a user is in an expected location like their office.
