← Back to Blog

The Cost of a Bad MFA Implementation

May 29, 2023 • Victoria Savage

If you’re considering implementing an MFA solution at your organization, you’re probably wondering what the cost of MFA is going to be, and what that price tag will include. IT departments are increasingly stretched thin, and getting company-wide buy-in for cybersecurity products can be a challenge.

That’s why you need to find the MFA solution that’s right for your organization.

In this article, we’ll explore how a bad MFA implementation can cause costs to bloat, waste valuable time and resources, and put you at risk for insurance non-renewals and cyber attacks. We’ll look beyond the sticker price of an MFA solution and learn how to discover the total cost of ownership. Finally, we’ll unpack how you can avoid a bad MFA implementation, and what to look for in an MFA solution.

Let’s dive in!

Table of Contents

1. What is Multi-factor Authentication (MFA)
2. What are the types of MFA?
3. What are the costs of an MFA deployment?
4. How can you avoid the costs of a bad MFA deployment?

What is Multi-Factor Authentication (MFA)?

Multi-factor Authentication (MFA), also known as Two-factor Authentication (2FA), requires more than one identity dimension to grant access to a particular service or application.

MFA combines two or more of the following identity dimensions:

• Something you know (like a password or security question).
• Something you have (like a mobile device or authentication token).
• Something you are (such as biometrics).

Requiring MFA adds an additional layer of security to your critical infrastructure, and many companies use MFA to protect their business system-wide.

What are the types of MFA?

In addition to the knowledge dimension, which is often a password, there are many types of second-layer authentication options that businesses can choose from.

Here are a few common types below:

• Authenticator Apps: MFA can be done through the use of an authenticator app installed on a user’s phone, laptop, or another device in their possession. Apps can generate one-time passwords, or send push notifications with access requests. They’re a popular choice for businesses with BYOD policies in place.
• SMS and Email: Second-factor codes can also be sent through text message (SMS) or email. These methods are simple to set up as they utilize existing devices and don’t require complicated user enrollment. End-users are often already familiar with them as MFA has become more prevalent in the consumer space.
• Hardware token: Hardware tokens have become a popular choice once again as a strong and trusted authentication method that doesn’t require end users to install any apps on their personal devices. Hardware tokens can be purchased at cost and last for three to five years.
• U2F Security Keys: U2F security keys, also known as FIDO keys, are considered some of the best authentication methods available, as they are phishing-resistant. They also require no external communication to operate and offer near-frictionless authentication.
• Passcode Grid: Passcode grid authentication is a simple, no-cost authentication choice for organizations that need to prioritize flexibility and accessibility. End-users are given a 5×5 grid with uniquely generated “tuples” that can be printed or saved for fast authentication.

What are the costs of an MFA implementation?

You may think that the cost to deploy an MFA solution simply comes down to the cost of licenses for each of your users. However, there are more considerations when you factor in the total cost of ownership of an MFA solution.

The costs of MFA fall under three main categories:

• Set-up costs
• Deployment costs
• Maintenance costs

Let’s take a look at what goes into each of these costs, and how a bad MFA deployment can cause them to skyrocket.

Cost of MFA Set-up

To calculate the set-up costs of an MFA solution, multiply the number of hours you will need to spend on the implementation by your IT department’s hourly labor costs.

When making your calculations, consider the following problems that can occur:

• Lengthy set-up time: Tedious MFA implementations take valuable time away from your already busy IT department. Some MFA solutions can take several days or even weeks to set up. This can also affect your ability to renew your cyber insurance policy on time, costing you even more in the long run.
• Incorrect implementation: If you’re working with a poorly documented or overly complicated solution, it increases the likelihood that the solution will be set up incorrectly. Your IT team may need to spend even more time re-doing the implementation, or fixing problems with it.
• Poor support: If your MFA solution provider is hard to get a hold of, it can take longer to troubleshoot issues and find solutions. This contributes to even more time wasted and a frustrated IT team.

 

A bad MFA solution can double or even triple the cost of setting it up.

Cost of MFA Deployment

To calculate the cost of an MFA deployment, multiply the number of users you have by the price of the licenses. Then calculate the time it will take to deploy the solution to your users, times the hourly labor costs of your IT department.

Consider some of these factors, which can make for a more costly deployment, while making your calculations:

• • Complicated deployments: If your MFA solution doesn’t have the tools to roll out your new solution methodically to your end-users, it can cause confusion and a lack of buy-in from users. This can compromise the perceived security of your new security solution, and contribute to lost productivity.
  • Help desk tickets: A bad MFA deployment can tie up your IT department with dozens of time-consuming help desk tickets. Every password reset can cost more than $70, and every help desk ticket is around $22.
  • Incomplete deployments: If your MFA solution isn’t implemented comprehensively across your organization, it could leave you open to breaches and ransomware attacks. The average cost of a data breach has risen to 4.3 million dollars. An incomplete deployment can also contribute to denied cyber insurance claims, or even being denied a policy outright.

A bad MFA deployment can cause massive disruptions to your organization and negatively impact your bottom line.

Cost of MFA Maintenance

The cost to maintain your MFA solution can be calculated by multiplying the amount of time spent updating, fixing, or administering the solution by your IT department’s hourly labor costs.

Below are some common issues with maintaining an MFA solution that has been poorly implemented.

• • • Lost productivity: When your end-users can’t log in, are confused about the process, or are forced to use an authentication method that doesn’t work for their process, that means they’re not working. Employees spend on average 11 hours a year trying to remember forgotten passwords, contributing to millions in productivity losses.
    • Lack of administrator tools: MFA solutions that assume one-size-fits-all aren’t able to adapt to your unique environment and processes. Without flexibility and centralized policies available, IT administrators have to work harder than they should need just to administer the solution.
    • Troubleshooting difficulties: Solutions that are hard to install are often hard to maintain. Fixing issues with an overly complicated MFA solution can be time-consuming, costly, and frustrating, especially if there’s a lack of support.

 

While it may seem that going with a cheap, out-of-the-box MFA solution is getting a great deal, it could cost you much more in the long run.

The good news is that there are ways to mitigate and even prevent a bad MFA deployment, and ensure a lower total cost of ownership over your solution.

Let’s explore some of those below.

How can you avoid the costs of a bad MFA deployment?

When you’re implementing MFA at your organization, you should look for a solution that is going to work with the unique needs of your company.

We recommend looking for a solution that offers the following things:

Flexible authentication: Your MFA solution should offer a variety of authentication methods that give you and your end-users options.

Deployment options: Look for a solution that offers a deployment method other than just the cloud. On-premises MFA is a great way to retain total control over your security system.

Seamless integrations: Make sure your MFA solution can integrate with your existing infrastructure and offers connectivity to all of your applications and services.

Intuitive roll-out: Look for an MFA solution that has flexible enrollment options, including user-led enrollment, as well as the ability to test changes before deploying them.

Top-tier support: Something as important as cybersecurity support can’t be left to chance. You need to be able to know who to call when something goes wrong and trust they’ll get back to you in a timely manner.

With a flexible, robust MFA solution from a partner focused on support and service, your total cost of ownership should remain low.

Getting started with MFA

If you need MFA for your company and aren’t sure where to start, reach out to us for a free, no-commitment consultation.

← Back to Blog