May 2, 2024 | Denny LeCompte

For Authentication, There’s a Better Way than MFA

Over the last decade, multifactor authentication (MFA) has become the standard security practice for protecting access to business networks and applications.

There’s no denying the fact that MFA significantly enhances security by requiring multiple forms of verification to prove identity. However, it has many weaknesses.

Today, sophisticated cybercriminals have developed many strategies to bypass MFA, exploiting its weaknesses, particularly through social engineering and other hacking techniques. The ubiquity of MFA-based attacks, as seen in high-profile breaches against the MGM and Caesars casinos or the recent MFA bombing experienced by Apple users, raises the question: is MFA secure enough?

As it turns out, no. However, there are more secure methods of authentication. Chief among them are digital certificates and certificate-based authentication, which offer stronger security and integrity for authenticating to both on-prem and SaaS applications in corporate environments.

The Vulnerabilities of MFA

MFA enhances security by combining two or more independent credentials: what the user knows (password), what the user has (security token), and what the user is (biometric verification). Despite its effectiveness in blocking unauthorized access, MFA is still particularly susceptible to social engineering attacks.

One common method is the phishing attack, where attackers trick users into providing their login credentials and MFA codes. These attacks have become sophisticated enough to deceive even the most vigilant users.

For example, after obtaining the primary password, an attacker could masquerade as a support agent and convince a user to share their temporary MFA token under the guise of verifying their identity, thus gaining full access.

Another significant vulnerability in MFA is the reliance on mobile phones as a physical security token. SMS-based authentication, a popular form of MFA, can be compromised via SIM swap attacks, where the attacker manages to transfer the victim’s phone number to a new SIM card, thus receiving all SMS-based MFA codes.

Why Digital Certificates Provide Stronger Security

Digital certificates represent a more secure and robust approach to authentication for several reasons. Certificate-based authentication relies on a public key infrastructure (PKI) to issue and manage digital certificates, ensuring secure, encrypted communications between the client and the server.

Unlike MFA, which can be susceptible to human error and social engineering, the security of digital certificates does not rely on any action from the user beyond the initial setup. Their benefits include:

  • Enhanced Security Features: Digital certificates bind a public key with an identity (such as a name or an email address) and use encryption to protect the data in transit. This method ensures that even if the communication were intercepted, it could not be decrypted without the corresponding private key, which remains securely stored on the user’s device.
  • Reduced Risk of Phishing and Social Engineering: Since digital certificates do not require the user to input a code or provide any information during the authentication process, they are inherently immune to phishing attacks. There is nothing for the user to hand over inadvertently to an attacker.
  • Automation and Ease of Management: Digital certificates can be managed at scale using certificate management systems that automate the issuance, renewal, and revocation of certificates. This reduces the administrative burden and minimizes the risk of human error, making it a suitable choice for enterprise environments.

Implementing Certificate-based Authentication

To transition to a certificate-based authentication system, organizations must deploy a PKI to issue and manage certificates. This includes setting up a secure local signing authority or using a third-party certificate authority (CA). Each device or user in the network is issued a certificate, which can be used to authenticate securely to network resources without the need for traditional usernames, passwords, or additional authentication factors.

Furthermore, for businesses that continue to use MFA, integrating certificate-based methods as a factor can significantly enhance security, creating a more fortified authentication framework.

Encryption, Automation, and Immunity

Though MFA plays a crucial role in modern cybersecurity strategies, it is not foolproof. Its vulnerabilities, especially to social engineering, highlight the need for more secure, robust authentication methods.

Digital certificates provide a compelling solution with their ability to offer high levels of encryption, automation, and immunity to many common cyber threats. As those threats evolve, adopting certificate-based authentication could be the next step in strengthening corporate defenses against an increasingly sophisticated threat landscape.

Denny LeCompte is CEO of Portnox.
