Akamai Diversity

The Akamai Blog

Phish-Proof Multi-Factor Authentication with Akamai MFA

Today, Akamai announced Akamai MFA, a phish-proof multi-factor authentication (MFA) service for the workforce that delivers all of the security benefits of FIDO2 with the frictionless end-user experience of a mobile push on a smartphone. Why has Akamai introduced this new service?

When an employee logs in to access an application or service, there needs to be absolute certainty that it's the employee and not an attacker. After all, trusting and verifying a doppelganger defeats one of the basic principles of Zero Trust.

MFA adds an additional layer of login authorization to increase that certainty. As the name suggests, it uses an additional factor, such as a text message or a one-time password (OTP), alongside a username and password. Since only the appropriate employee can theoretically receive that second factor request, in the event that an attacker obtains an employee's login credentials, the MFA should block an illegitimate access request.

There's no doubt that MFA can be highly effective in reducing the risk of account takeover. However, it's now become apparent that MFA can be bypassed and, as seen by this high-profile attack, it may provide little more than a security speed bump. In fact, as this recent Akamai blog shows, it's possible to bypass MFA.

So, that's why we have introduced Akamai MFA -- to help organizations reduce the risk of employee account takeover and to underpin one of the core principles of Zero Trust: never trust and always verify.

FIDO2-Based MFA

FIDO2 is a set of industry standards that provides the highest levels of MFA security. It consists of two key components -- the WebAuthn specification, which was developed by W3C, and the Client to Authenticator Protocol (CTAP) specification, which was developed by the FIDO Alliance. Combined, these two specifications create cryptographic login credentials that are unique across every website, never leave the user's device, and are never stored on a server.

To get FIDO2-based MFA today, an organization needs to firstly deploy an MFA service and then buy, distribute, and manage hardware security keys, which significantly increases costs and operational complexities. Another challenge of physical security keys is that the end-user experience is less than ideal -- people lose or forget their keys, meaning additional calls to the IT help desk.

Akamai MFA delivers all of the benefits of FIDO2-based MFA, but without the costs and complexities of physical security keys, and delivers a delightful and frictionless end-user experience through a smartphone application.

Most important, however, Akamai's phish-proof push is designed to remove the risk of fraudulent push notifications being received by an employee, thus eliminating any human decision-making from the authentication process. When an employee receives the secure push notification from Akamai MFA, they can be absolutely certain it's genuine when they click to accept.

Akamai MFA

Akamai MFA is a new MFA service for your workforce, featuring an innovative phish-proof push authentication factor. Akamai MFA integrates with market-leading IDP solutions, including Akamai's own Enterprise Application Access, to allow customers to maximize security for single sign-on use cases. Additionally, Akamai MFA can be integrated with UNIX and Windows RDP servers to deliver MFA to Secure Shell and Remote Desktop Protocol workflows. Built on the global Akamai Edge platform, Akamai MFA delivers the scale and reliability you need to protect your employees anywhere at any time.

To learn more about Akamai MFA and to find out if it can help you transform your MFA strategy, head to akamai.com/mfa where you can sign up for a free 60-day evaluation of the service.