The first step is prevention, described by Ramamoorthy as “at-the-door authentication.” Prevention includes the usage of password managers to generate secure passwords and to have good failure policies in place. It also incorporates multi-factor authentication (MFA), which is something the user knows, owns, or, in the case of fingerprint or facial recognition, is.
“At-the-door authentication actively encourages behavior that decreases susceptibility to attack during initial authentication. Workday delivers a globally deployable MFA via app, through one-time access codes, and frictionless MFA via SMS,” said Ramamoorthy.
Ramamoorthy went on to describe the second phase of prevention, which is the careful management of authentication policies.
“Organizations should understand who their users are, what their roles are, and how authentication requirements change across roles. It’s important for businesses to understand that policy reviews and updates are critical over time—as security threats evolve and users remain a constant target,” she said.
The final element of prevention is “just-in-time” authentication for the most sensitive user tasks. Also called “step-up authentication,” tasks that trigger this might include a user accessing a specific set of financial data, which would require an additional form of authentication that would only grant access for a short period of time.