This chapter will cover how to pick the right MFA solution for your organization and needs. We'll proceed as if you are tasked with choosing your organization's future MFA solution. You'll find dozens of questions and requirements, in checklist form, that you can use during any MFA evaluation project; a list of MFA vendors you can research; a summary project plan outline; and a link to a spreadsheet that lists over 115 MFA vendors, along with a summary of their particular features and options. This chapter will give you a leg up in evaluating MFA solutions for you.

Introduction

One of the most common questions I get from people who have seen my hacking MFA presentations or read my related articles is, “What MFA solution should I get?” Let's start off by setting expectations for this chapter. There is no perfect MFA solution that works for everyone. Without knowing a lot more about your organization, its risk tolerances, applications, budget, and security culture, I can't even begin to hazard a guess about what would be best for you and your organization.

I know what the questioner is asking and why. They are super busy and tasked with a hundred other things, and picking the right MFA solution for their company is just one of them. They want someone else, more knowledgeable about MFA, to pick the solution they need out of the hundreds available. Or they are looking for the one I would personally deem “least hackable.” They want to start their ...