Is it RIP for MFA? - Ctrl Alt Lead podcast

Safety blanket or security necessity?

Multifactor authentication has been protecting professionals for years; but with attackers increasingly knowing how to bypass it, is a new approach needed?

Richard Richison certainly thinks so. The IT director, who works at a global life sciences firm with more than 1,600 employees, says that in addition to MFA’s weaknesses to man-in-the-middle and social engineering attacks, users are also being turned off by alert fatigue.

In the latest episode of Ctrl Alt Lead, Richard tells Tom about the new security process he’s adopted and rolled out across the business – with no staff pushback. That might be a first in the cybersecurity space!

Richard’s company adopted a phishing-resistant process relying on biometric cryptographic security keys and device-level checks, utilising the TPM chip. While this is commonly used in mobile devices, it’s still under-utilised in traditional PCs.

In the podcast, we talk about why Richard started investigating a new solution to replace MFA; what the rollout looked like; and his advice for other IT leaders in the same boat.

To access the full podcast watch the video, use the web player, or find Ctrl Alt Lead now on Spotify and Apple Podcasts.