Multi-factor authentication (MFA) doesn’t need to be all or nothing
When it comes to cybersecurity, you can’t just protect a few people and hope for the best – every user in your business needs to be covered. But that doesn’t mean one-size-fits-all.
Some users need more protection than others (think senior leaders or people handling sensitive data). Others just need something simple and secure that works. The challenge for IT teams is finding a multi-factor authentication (MFA) solution that works for everyone – without breaking the bank or creating a user revolt.
Why mobile MFA is popular – but not perfect
Using smartphones for MFA is a popular option. They’re everywhere, easy to use, and most staff already have one in their pocket. In fact, 73% of users say smartphones are the most convenient way to do MFA.
But while mobile-based authentication ticks a lot of boxes – cost, convenience, and wide coverage – it’s not always the right fit for every user or environment.
What drives up the cost of mobile MFA?
Even though mobile apps are cheaper than buying loads of hardware, the total cost can still creep up over time. Why?
✔️ Support and updates
Keeping apps running smoothly across different devices and operating systems takes time and money
✔️ Push notifications
These need to be reliable – and some vendors charge extra to guarantee that
✔️ Training
Not all staff are tech-savvy. Helping them install, use, and update apps can add to the workload
✔️ User resistance
Some users don’t want to install work apps on their personal phones – or might not be allowed to use mobile devices at all (like in secure manufacturing areas)
What about users who can’t use mobile MFA?
In cases where mobile MFA just doesn’t work, organisations have two common alternatives:
- Hardware tokens
Devices like RSA’s DS100 offer strong security with one-time passcodes (OTPs). They also support newer standards like FIDO2, giving you future-proof protection without needing a phone - SMS or voice OTP
Often used as a fallback, these send codes to a user’s phone via text or call. They’re easy to roll out but come with known security risks (like SIM swapping or social engineering)
Balancing security and cost
The reality is, every organisation has different needs and different users. You can’t afford to lock people out, but you also can’t afford to leave systems vulnerable.
Here are some ways to keep costs under control while still improving security:
✔️ Use devices your staff already have (like smartphones)
✔️ Choose MFA tools that scale as you grow
✔️ Test solutions with a small team before rolling them out company-wide
✔️ Mix and match – use hardware tokens or app-based MFA where they make sense, and SMS where necessary
One size fits all rarely works – and that’s ok
The worst thing a business can do is let vendors dictate which security tools you use — especially when those tools don’t suit your users or environment.
We work with RSA Security as a Gold Partner to help you build an MFA setup that fits your business – not the other way around. From mobile-friendly options to hybrid hardware tokens that work both on-prem and in the cloud, we help you create a flexible, cost-effective solution that keeps everyone secure.
Want to explore MFA options that work for your users, your environment, and your budget? Let’s talk.