How likely is an organization to have misconfigured multi-factor authentication (MFA) settings?

Identity & Access Management (IAM)Threat & Vulnerability Management

Very likely6%

Likely42%

Somewhat likely22%

Somewhat unlikely14%

Unlikely11%

Very unlikely2%

Unsure

588 PARTICIPANTS
3.6k viewscircle icon1 Upvotecircle icon1 Comment
Sort by:
CTO in Software3 years ago

The "basics" of MFA are usually straightforward and not very challenging to get right. The challenging part is what happens next, I often refer to it as "operationalizing" security - driving adoption and awareness, providing training, controlling configuration drift, etc.

Content you might like

What advanced identity analytics or continuous access controls is your organization using (or planning to implement)? Any lessons learned you can share regarding vendor selection or implementation?

Read More Comments

Any tips for evaluating/implementing solutions for application detection and response? What’s your experience been like with these tools so far?

What’s the top cybersecurity challenge concerning your organization right now?

AI-driven threats (deepfakes, automated attacks) 14%

Software supply chain risks 14%

Insider risk (both malicious & accidental)

Regulatory compliance 14%

Cloud misconfigurations 14%

Shadow IT (or shadow AI) 14%

Ransomware 14%

Talent shortage in cybersecurity14%

Something else (comment to explain)

View Results

What are the best practices for securing the MFA registration phase when moving from SMS to phishing-resistant methods like passkeys (FIDO2) or TOTP-based authenticator apps? Specifically, how can we mitigate risks in device enrollment and key provisioning without phone numbers? What innovations are your organizations implementing or have implemented to bolster this process? - I don't see this as a competitive advantage but all of us good guys against the bad.