How likely is an organization to have misconfigured multi-factor authentication (MFA) settings?

Identity & Access Management (IAM)Threat & Vulnerability Management

Very likely6%

Likely41%

Somewhat likely23%

Somewhat unlikely14%

Unlikely11%

Very unlikely2%

Unsure

590 PARTICIPANTS
3.6k viewscircle icon1 Upvotecircle icon1 Comment
Sort by:
CTO in Software3 years ago

The "basics" of MFA are usually straightforward and not very challenging to get right. The challenging part is what happens next, I often refer to it as "operationalizing" security - driving adoption and awareness, providing training, controlling configuration drift, etc.

Content you might like

NFTs: Hype or revolutionary?

Hype43%

Revolutionary39%

Too early to tell16%

What’s an NFT?

View Results

What are the best practices for securing the MFA registration phase when moving from SMS to phishing-resistant methods like passkeys (FIDO2) or TOTP-based authenticator apps? Specifically, how can we mitigate risks in device enrollment and key provisioning without phone numbers? What innovations are your organizations implementing or have implemented to bolster this process? - I don't see this as a competitive advantage but all of us good guys against the bad.

What advanced identity analytics or continuous access controls is your organization using (or planning to implement)? Any lessons learned you can share regarding vendor selection or implementation?

Read More Comments

Blacklisting IPs is not an effective use of the security team’s time.

Strongly agree9%

Agree58%

Neutral15%

Disagree14%

Strongly disagree2%

Other (please specify)

View Results

Any tips for evaluating/implementing solutions for application detection and response? What’s your experience been like with these tools so far?

How likely is an organization to have misconfigured multi-factor authentication (MFA) settings? | Gartner Peer Community