Move Beyond Passwords to Multi-Factor Authentication

Often, government employees are handling sensitive data. Whether it's related to national defense or constituent personal identifiable information, governments must take the highest precautions to make sure only those employees with the proper permissions are granted access. Coupled with the fact that governments are prime targets for hacking, user authentication rises in importance. Protecting devices only with passwords exposes you to greater risk. Verizon’s “2017 Data Breach Investigations Report” revealed that 81% of hacking-related breaches involved stolen or weak passwords.

Why Multi-Factor Authentication

The next level in device and identity protection is multi-factor authentication (MFA). MFA requires two or more layers of authentication, none of which need to be passwords. It can include any combination of PIN number, password, proximity of a phone, location or a biometric factor such as fingerprint or facial recognition. According to Forrester, only 6% of organizations were found to enforce a baseline of device security policies like password entry, remote lock, and remote wipe. Do you use only passwords to protect devices?

Devices with integrated MFA features protect data and identities while improving the user experience. By passively authenticating users, you are making your organization much more secure, and reducing reliance on complex passwords.

How to Implement MFA?

Be careful about using authentication solutions that are not grounded in hardware. Many fingerprint readers or cameras you find in end user devices store the biometric data at the software layer in the OS, leaving them vulnerable to hacking.

With MFA grounded in hardware, it is much harder for malicious code to snoop and capture password data because its located deep in the silicon, isolated from the OS and applications.

MFA Features to Consider

Look for devices with Intel® vPro™ Technology, which includes Intel® Authenticate; this not only helps to enable hardware-level protection, but makes it easier for IT to mix and match identification factors such as the following:

  • Facial Recognition: Infrared (IR) cameras are more secure than regular cameras for facial recognition. In addition, ThinkPad Glance utilizes face-, eye- and gaze-tracking to automatically lock a device if the user is not present.
  • Fingerprints: Lenovo Match on Chip Fingerprint Reader (MoC FPR) stores biometric credentials on a separate chip, making it almost impossible to hack.
  • PIN: Short PIN codes can be used alongside other authentication factors as part of an MFA solution.
  • Consider the following as supplementary MFA factors:
    • Phone Proximity: Users can pair their smartphone with their PC via Bluetooth and securely use the proximity of their phone as an authentication factor.
    • Location: Use location-based services to determine if a user is in an expected location like their office.
Move Beyond Passwords to Multi-Factor Authentication

When used in combination, multiple authentication factors add a greater degree of security to a system by minimizing the likelihood that an intruder will be able to compromise more than one technique.

Mike Chapple, Associate Teaching Professor of IT, University of Notre Dame


  • Lenovo has a range of devices with integrated MFA features like fingerprint readers and IR cameras. By authenticating users through several means, you are making your organization much more secure, and reducing reliance on complex passwords.
  • Lenovo's Match on Chip Fingerprint Reader, available on many ThinkPads, stores biometric credentials on a separate chip, making it harder for malicious code to capture authentication data.
  • ThinkPad Glance utilizes face and eye-tracking to automatically lock and unlock a device based on the presence of the user.