Scaling Multi-Factor Authentication Across Your Organization

Implementing multi-factor authentication (MFA), is a growing trend. The MFA industry is expected to grow to $13.59B by 2022.

When it comes to the retail industry, MFA has unique challenges—like meeting strict compliance requirements, managing multiple locations (locally or globally) and protecting employee and customer information. You also need to keep up with the speed of business and can’t be slowed down by time intensive steps. Because of these factors, it's important to think about how to effectively apply and manage MFA across multiple devices and locations, and determine which MFA types will work best for your needs.

Managing MFA

Technologies like Intel® Authenticate—available on devices with 8th Gen Intel® vPro™ Technology—simplify MFA scaling for flexibility to create and deploy custom MFA policies that enforce user identity protection. IT administrators can mix/match identification factors for different users and provide varying levels of access across the corporate domain, network, VPN and more. Intel Authenticate provides a simple self-service enrollment tool for end users to quickly get started, eliminating calls to IT.

Enabling True "Hardware" Authentication

Lenovo recommends MFA grounded in hardware which is harder for hackers and malicious code to snoop and capture password data because it's deep in the silicon, isolated from the OS/applications.

There are several ways to authenticate users and ensure credentials are stored at the hardware level. Intel Authenticate can set up different combinations of the following:

  • Facial Recognition: Infrared (IR) cameras are more secure than regular cameras. ThinkPad Glance utilizes face/eye/gaze-tracking to automatically lock a device if user isn't present.
  • Fingerprints: Lenovo Match on Chip Fingerprint Reader (MoC FPR) stores biometric credentials on a separate chip, making it almost impossible to hack.
  • PIN: Short PIN codes can be used alongside other authentication factors as part of an MFA solution.
  • Consider the following as supplementary MFA factors:
    • Phone Proximity pairs smartphones with PCs via Bluetooth and securely uses phone proximity as authentication factor.
    • Location-based services to determine if user is in an expected location.

To update your access management strategy, modern devices will support and scale hardware-based MFA with the convenience of solutions like Windows Hello.

Scaling Multi-Factor Authentication Across Your Organization

Up to 50% of all help desk calls are for password resets, which cost an average of $70 per incident.


  • Lenovo's Match on Chip Fingerprint Reader, available on many ThinkPads, stores biometric credentials on a separate chip, making it harder for malicious code to capture authentication data.
  • Intel® Authenticate - available on some Lenovo devices - simplifies MFA scaling by enabling IT to mix and match identification factors for different users.
  • Some Lenovo devices support Facial Recognition technology. In addition, ThinkPad Glance utilizes face and eye-tracking to automatically lock and unlock a device based on the presence of the user.