As an organization that has implemented multi-factor authentication (MFA), you’re part of a growing trend. The MFA industry is expected to grow to $13.59B by 2022.
One challenge many media and entertainment SMBs face is how to scale MFA deployment across the organization. We recommend that you think about how to manage MFA across multiple devices and perhaps locations, as well as which types of MFA work best for your needs.
Managing MFA in Media & Entertainment
Content theft and ransomware attacks are major threats in the media and entertainment industry. Protecting the digital rights to content to keep it from being compromised starts with endpoint devices.
Technologies such as Intel® Authenticate—available on devices with 8th Gen Intel® vPro™ Technology—simplify MFA scaling. It gives IT the flexibility to create and deploy custom MFA policies that enforce user identity protection. The IT administrator can mix and match identification factors for different users and provide varying levels of access across the corporate domain, network, VPN and more. Intel Authenticate provides a simple self-service enrollment tool for end users to quickly get started, eliminating calls to IT.
Enabling True "Hardware" Authentication
Lenovo recommends that media and entertainment SMBs use MFA grounded in hardware. This MFA type is much harder for hackers and malicious code to snoop and capture password data because it's located deep in the silicon, isolated from the OS and applications.
There are several ways to authenticate users and ensure that the credentials are stored at the hardware level, and you can use Intel Authenticate to set up different combinations of the following:
- Facial Recognition: Infrared (IR) cameras are more secure than regular cameras for facial recognition. In addition, ThinkPad Glance utilizes face, eye and gazetracking to automatically lock a device if the user is not present.
- Fingerprints: Lenovo Match on Chip Fingerprint Reader (MoC FPR) stores biometric credentials on a separate chip, making it almost impossible to hack.
- PIN: Short numeric codes can be used alongside other authentication factors as part of an MFA solution.
- Consider the following as supplementary MFA factors:
- Phone Proximity: Users can pair their smartphone with their PC via Bluetooth and use the proximity of their phone as a secure authentication factor.
- Location: Use location-based services to determine if a user is in an expected location like their office.
As you look to update your access management strategy, you'll need modern devices to support and scale hardware-based MFA and the convenience of solutions such as Windows Hello*.
*To use Windows Hello with biometrics specialized hardware, including fingerprint reader, illuminated IR sensor, or other biometric sensors is required.