Stop all access from Unauthorized Regions and TOR Networks
Immediately implement an Adaptive Rule that eliminates all MFA methods for any login requests coming from unauthorized regions of the world - or from TOR or anonymous networks.
Tighten Security for Elevated Users
For your elevated users (potential targets of whaling attacks),
implement USB Hardware Token access only, providing the highest level of security.
Examples of this user community might include VP of Human Resources, Director of Finance, Senior IT personnel
Setup Static Knowledge-Based Asset questions for all users
In order to protect from Credential-Stuffing and Spray-and-Pray attacks, implement a simple CAPTCHA for all users. Not only do static questions protect against automated attacks, they can also be effective in acclimating your users to a secondary challenge.
Setup Dynamic Knowledge-Based Asset questions for all users
Using Adaptive Technologies, create Dynamic Knowledge Based questions that are effective and easy to use. Dynamic questions offer a higher level of security than static questions and can be drawn from any internal data source, such as Active Directory, Human Resource databases, Phone systems, Card Key systems or virtually any other data store.
Ease your users into the enrollment process with a countdown.
If your user community prefers to know about coming changes, offer them a "countdown", where they have the choice of enrolling now or waiting a pre-determined amount of time.
Setup Dynamic Knowledge-Based Asset visual questions
With Adaptive Technologies, creating Dynamic Knowledge Based Visual questions are simple and provide a very effective secondary challenge. In this example, we are havesting 12 avatars from Active Directory - including the avatar of one of the requester's colleagues.
Full enrollment for Knowledge-Based Authentication users
For your user base without access to a smart phone, use the Pattern Unlock authentication challenge.
Full enrollment for Possession-Based Authentication users
For users with a smart phone, set up the enrollment process where users will enter their mobile phone and scan a QR code with the smart phone.