Some Good Cybersecurity News - MFA use more than Doubled in the U.S.

May 4th, 2020 | security & compliance

OneLogin has a platform with millions of user identities. With this type of scale, OneLogin is in a unique position to provide insight into the technology trends that are happening over time. One trend that has received a lot of interest recently is how remote work might be affecting how workers do their job. After combing through the data, OneLogin has seen some interesting trends, specifically around multi-factor authentication (MFA), that we wanted to share. (Not sure what MFA is? Give this intro to MFA a quick read.)

[Figure: Increase in MFA prompts in US by day]

MFA is the new normal for remote work?

OneLogin registered an average of tens of thousands of MFA prompts per day from the beginning of February to the middle of March in the US. As you can see above, those daily averages are relatively stable with the peaks happening on weekdays (Monday-Friday) and troughs on the weekends (Saturday-Sunday).

However, when the work from home transition started to take effect in mid-March due to COVID-19, we saw MFA prompts more than double across the platform. Let’s take a look at what this means and what might be driving these results.

Potential MFA drivers

Diving into the numbers we have available for the U.S., OneLogin shows that the middle of March was the start of a dramatic spike in MFA across OneLogin’s US user base. It seems that there are several possible explanations for this behavior that are not necessarily mutually exclusive. Such drivers include:

  • Widespread MFA deployment to protect resources accessed through OneLogin
  • Spike in new devices used to access work applications
  • Spike in user authentication requests from new locations

Let’s take a look at each one of these possibilities and give a quick evaluation of how likely each is to play a role in our results.

Widespread MFA deployment to protect resources accessed through OneLogin

With companies sending their users to work from home, is IT really deploying MFA right now? You bet!

Anecdotally, I’ve worked with several customers who have recently come to OneLogin specifically to secure users’ remote access. In fact, a dentistry supporting over 1,000 employees recently came to OneLogin to find a way to securely grant user access to on-prem applications that now needed to be accessed remotely. They deployed MFA through OneLogin in less than 3 days so their call center workers could support current and prospective patients throughout the shelter-at-home order in the states they operated in. These kinds of deployments quickly boosted the number of users getting MFA prompts on the OneLogin platform heading into the current crisis.

Spike in new devices used to access work applications

There are a multitude of different avenues OneLogin customers may take to decrease the number of times users may be prompted for MFA. One such avenue can be suppressing MFA for known browsers. As such, if a user signed in from a new device for the first time, MFA prompts would trigger.

This is definitely a possibility. OneLogin has seen an increase in Bring Your Own Device (BYOD) and mobile device usage over time. Additionally, many companies were not prepared to send users home with corporate devices, so many customers had to make do with users getting work done on their personal devices. This current pandemic could actually drive growth in the BYOD market even faster – reaching over 15% compound annual growth rate (CAGR) predicted over the next several years (Beta News).

Spike in user authentication from new locations

This seems like an obvious driver. Many OneLogin customers have policies that govern MFA prompts based on user location (i.e. don’t prompt the user for MFA if the user is at the office, prompt users outside of the corporate network). Now that many users are working from home rather than the office, this could be a huge reason why we’ve seen MFA prompts spike so drastically.

However, none of the above explanations fully explains why MFA prompts peaked in mid-March but seem to have been in slow decline since then...

Decline in MFA?

Why might MFA prompts actually appear to be in slow decline since the peak in mid-March? One likely explanation is OneLogin customers’ use of SmartFactor Authentication™, which brings the concept of context-aware security to the forefront. With SmartFactor Authentication, OneLogin starts to learn typical login behavior over time and can take action based on the riskiness of each user authentication. This means that over time, OneLogin can eventually do things like suppress end-user MFA prompts after it starts to recognize typical login behavior. That would mean the spikes and declines aligned well with the design of SmartFactor Authentication where OneLogin prompted thousands of additional users for MFA in mid-March when they signed in from home for the first couple of times. After continuously evaluating the user’s behavior (like their new IP, machine, browser, time-of-day, etc.), OneLogin has been able to decrease end-user MFA prompts during normal authentication events. This context-aware authentication scheme helps IT personnel feel much more confident in the security of their web resources while keeping friction low for end-users trying to get their work done remotely.
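To make the spike-then-decline argument concrete, here is an added example (not OneLogin code and not the SmartFactor Authentication algorithm) that models the static rules described above, known browser and corporate network, with and without a learned "typical context" rule. The network range, device names, and the three-login trust threshold are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed values for illustration; not OneLogin settings.
CORPORATE_NET = ipaddress.ip_network("203.0.113.0/24")  # RFC 5737 documentation range

@dataclass
class UserState:
    known_browsers: set = field(default_factory=set)
    context_logins: dict = field(default_factory=dict)  # (ip, browser) -> login count

def needs_mfa(user, ip, browser, trust_after=3):
    """Decide whether to challenge this login, then record it as successful.

    trust_after=None disables learning (static policy only).
    """
    ctx = (ip, browser)
    on_corp_net = ipaddress.ip_address(ip) in CORPORATE_NET
    new_browser = browser not in user.known_browsers
    # Static rules: challenge new browsers and logins from outside the office.
    challenge = new_browser or not on_corp_net
    # Learned rule: a context seen often enough counts as typical behaviour.
    if trust_after is not None and user.context_logins.get(ctx, 0) >= trust_after:
        challenge = False
    # Assumption: every modelled login succeeds (the user passes MFA if asked).
    user.known_browsers.add(browser)
    user.context_logins[ctx] = user.context_logins.get(ctx, 0) + 1
    return challenge

def simulate(users=6, days=10, wfh_start=3, trust_after=3):
    """Return MFA prompts per day as users move from office to home."""
    states = [UserState(known_browsers={"corp-laptop"}) for _ in range(users)]
    daily = []
    for day in range(days):
        prompts = 0
        for i, state in enumerate(states):
            at_home = day >= wfh_start + (i % 3)  # staggered move over three days
            ip = f"198.51.100.{i + 1}" if at_home else f"203.0.113.{i + 1}"
            browser = "personal-pc" if at_home else "corp-laptop"
            prompts += needs_mfa(state, ip, browser, trust_after)
        daily.append(prompts)
    return daily

if __name__ == "__main__":
    print("static rules only:", simulate(trust_after=None))
    print("with learning:    ", simulate())
```

With static rules alone the daily prompt count rises and stays at its plateau; only the learned rule brings it back down, and a new device on an already familiar network is still challenged.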

To learn more about COVID-19 security trends, visit our COVID-19 hub.

About the Author

Brandon McCaffrey is a Commercial Solutions Engineer at OneLogin and has been working with customers on solving their identity challenges for the last 2 and a half years. Brandon creates, validates, and tests solutions architecture across OneLogin’s global customer base.
