Intelligent MFA Gets a Jump on User, Device Risk

Updated PingID adds support for FIDO-compliant biometrics, security keys

Ping Identity is having a busy week with its second significant product update in as many days. The IAM vendor today announced new risk-assessment and anti-phishing features being added to its MFA solution, PingID.

The Lowdown:  PingID’s new features include ways to evaluate user and device risk before access is granted, as well as support for Fast Identity Online (FIDO) standards to increase resistance to advanced phishing attacks.

The Details:  With phishing-resistant and user-friendly authentication methods — including biometric authenticators such as facial recognition and fingerprint matching — organizations can create policies to enforce MFA only when warranted by increased risk.

The updated PingID adds:

● Integration with FIDO standards: Starting next month, PingID support for Windows Hello and Mac Touch ID will support FIDO-compliant authentication methods. Additionally, PingID integration with FIDO-compliant security keys, such as Yubikeys, can be used for Web authentication and Windows log-in. Hardware OATH-compliant tokens will also be available next month for use as an authentication factor when users are unable to use a mobile device.
● Intelligent risk assessment: PingID is now previewing capabilities for evaluating the location where a user requests access to corporate resources and comparing it to the location of the previous request. If the distance between the two geographies is unreasonable, access can be automatically denied. Also in preview, PingID assesses the reputation of the IP address from which a user requests access. Organizations can mandate specific MFA methods when the malicious activity-based risk score associated with an IP address exceeds established levels.
● Improved user and admin experience: PingID can support configuration of granular access policies such as the number of attempts allowed on a one-time password or the lockout time for failed log-ins. Next month, PingID will add support for a simplified MFA for VPN access for remote workers.

Background:  Verizon’s 2019 Data Breach Investigations Report found that 32% of breaches involved phishing and 29% of breaches involved the use of stolen credentials. As a result, MFA comes highly recommended by security frameworks such as Zero Trust and the NIST CSF, as well as regulations like the PCI Data Security Standard.

The Buzz:  “Hackers are evolving their tactics to access accounts and steal data every single day, and it’s our responsibility as an enterprise security provider to come up with innovative and reliable ways to assess risk before access is granted and block access when warranted,” said Steve Shoaff, chief product officer at Ping Identity. “PingID is a core product that enterprises have been using for years, and its new features make it stronger and smarter than ever.”