Employing Multifactor Authentication severely decreases the risk that a company will be successfully hacked, as it considers a multitude of factors (such as location, facial ID, IP address) verses only one (such as a password) prior to granting access to an application.
However, transparency as to where authentication data is stored for multifactor authentication is also necessary. This is particularly and especially true with biometric factors (such as facial recognition or touch ID). For example, consider facial recognition technology being used at security gates in airports. You scan your face or fingerprint, but where are they storing this data that they’re comparing to and is it in one centralized location? If so, not only is that data outside of the individual’s control, but it could be at risk if the airport does not protect it correctly. This highlights the need to respect and protect a user’s digital identity through decentralization capabilities.
Businesses looking to integrate biometrics, whether as a replacement to passwords or to complement them, should consider solutions where the biometric data is stored on the user’s device as opposed to a centralized repository. This respects the user’s privacy while providing one of the highest levels of protection.
Additionally, eliminate the frequent password change requirements, only require password changes when there was a known or suspected compromised of account credentials, and scan new and existing passwords against known lists of compromised accounts credentials.