Move Beyond Passwords to Multi-Factor Authentication

With so many devices being utilized in the retail industry—smartphones, laptops, POS systems—protecting them only with passwords exposes company and customer data to greater risk and frustrates users. Verizon’s “2017 Data Breach Investigations Report” revealed that 81% of hacking-related breaches involved stolen or weak passwords. Users experience “password rage” when they either forget a password or have a password request interrupt their workflow. But the more security becomes a concern, the more users are pestered to enter increasingly complex passwords.

Why Multi-Factor Authentication

Multi-Factor Authentication (MFA) is the next level in device and identity protection. It can help retail companies protect applications and customer cardholder data, while meeting the Payment Card Industry Data Security Standard (PCI DSS).

According to Forrester Research, more than 40% of retail organizations have already adopted MFA.

MFA requires two or more layers of authentication, none of which need to be passwords. It can include any combination of PIN, password, proximity of a phone, location, or a biometric factor such as fingerprint or facial recognition.

Devices with integrated MFA features protect data and identities while improving the user experience. By passively authenticating users, you're making your organization more secure, and reducing reliance on complex passwords.

How to Implement MFA

Be careful about using authentication solutions that aren't grounded in hardware. Many fingerprint readers or cameras in end-user devices store biometric data at the software layer in the OS, leaving them vulnerable to hacking. MFA that's grounded in hardware—located deep in the silicon, isolated from the OS and applications—is harder for malicious code to snoop and capture password data.

MFA Features to Consider

Look for devices with Intel® vPro™ Technology, which includes Intel® Authenticate, to help enable hardware-level protection and make it easier for IT to mix and match identification factors such as:

  • Facial Recognition: Infrared (IR) cameras are more secure than regular cameras for facial recognition. ThinkPad Glance utilizes face/eye/gaze-tracking to automatically lock a device if the user isn't present.
  • Fingerprints: Lenovo Match on Chip Fingerprint Reader (MoC FPR) stores biometric credentials on a separate chip, making it almost impossible to hack.
  • PIN: Short PIN codes can be used alongside other authentication factors as part of an MFA solution.
  • Consider the following as supplementary MFA factors:
    • Phone Proximity: Users can pair their smartphone with their PC via Bluetooth and securely use their phone's proximity as an authentication factor.
    • Location-based services: Determine if a user is in an expected location like their office.

MFA Best Practices in Retail

For a more seamless MFA implementation process:

  1. Apply it across the board: Cloud applications, on-premise applications, services, resources, etc.
  2. Use MFA and Single Sign-on: This increases security by eliminating the need for multiple passwords.
  3. Test, update and monitor frequently: Engage IT or a third party to test and monitor your MFA policy so that it stays up to date and is regularly tested for vulnerabilities, to help lower breach risks.

Biometric authentication technology is utilized in 62% of companies, and an additional 24% plan to utilize it within two years.


  • Lenovo has a range of devices with integrated MFA features like fingerprint readers and IR cameras. By authenticating users through several means, you are making your organization much more secure, and reducing reliance on complex passwords.
  • Lenovo's Match on Chip Fingerprint Reader, available on many ThinkPads, stores biometric credentials on a separate chip, making it harder for malicious code to capture authentication data.
  • ThinkPad Glance utilizes face and eye-tracking to automatically lock and unlock a device based on the presence of the user.