This is part four of our MFA blog series for Cybersecurity Awareness Month. You can read up on blog one here, blog two here, and blog three here.

We already know the importance of multi-factor authentication (MFA) to secure access to resources for users in a world where passwords are the single largest attack vector. In a recent study, it was found that 81% of hacking-related breaches leveraged either stolen and/or weak passwords.

When thinking about MFA, many people automatically think about using mobile push notifications, SMS one time passcodes (OTP), and other mobile-centric authentication methods. But what about when frontline or field employees need access to critical resources and systems and don’t have access to a mobile device or where mobile devices are not allowed due to the sensitive nature of the data being accessed? Here are some scenarios where the use of mobile devices is not feasible:

  • Outsourced call centers with employees accessing systems connecting to sensitive data within your organization like customer PII.
  • Part-time customer service employees that handle critical customer data in order to provide a user with effective customer support.
  • Military field personnel that cannot use electronic forms of authentication due to the possibility of transmission interception.
  • Mobile emergency workers in emergency situations and it is not convenient or possible to carry mobile devices.

How do you enable MFA for these employees?

One way is the use of Physical keys like FIDO keys. But these can prove to be too expensive and inefficient to support. Keys can be lost or damaged and have to be replaced. When employees quit or new employees join, they need to be wiped and reconfigured.

What are Grid cards and how do they work?

Grid cards are an easy to use and cost effective way to provide MFA for users that cannot use mobile devices to log in to the required systems and applications. The Entrust Grid Card is a paper-based card that can be printed from a PDF file and contains a grid of rows and columns that consist of numbers and characters. As part of the MFA process, users are presented with a coordinate challenge and must respond with the information in the corresponding cells from the unique card that they possess.

In the example grid card below, a user is presented with an authentication challenge when trying to log in to a restricted resource, such as an application or service, and must provide the information in cell E5. The information in cell E5 is “X7”. The user can enter this information to complete the MFA challenge and gain access to the required resource.

The number of cells and number of characters within each cell is configurable. Cells can be configured to expire after single use, or the challenge mechanism can be configured to use a least-used cell approach to prevent attackers who may have gained access to previously used cells to correctly respond to the challenge. The overall grid card can also be configured to have an expiry date.

When needed to be replaced, these grid cards can easily be generated and provided to employees in the form a of a printable pdf for easy and secure distribution.

With the use of this simple low-tech, low cost, secure MFA authenticator, you can now support remote field and frontline staff with an easy to use, strong multi-factor authentication (MFA). Get the peace of mind of a strong MFA without the overhead that comes with supporting it. Learn more about grid cards here.