Technology and connectivity has transformed the face of our world in the past 50 years. Unfortunately, that also means the face of crime has evolved, too. Cyber security is one of the biggest challenges that modern organisations face. Between 2021 and 2023, the number of worldwide data breaches increased by 72%. And a data breach costs, on average, US$4.45 million [1]. Not something to be taken lightly.
Access control systems store user data and help protect buildings from intrusion by unauthorised people. It is therefore vital that the system is robust. One method of beefing up the security of an access control system is multi-factor authentication.
What is multi-factor authentication?
Multi-factor authentication (MFA) is a process which requires users to present more than one credential to authorise their access. Most access control installations only require single-factor authentication. By adding another layer, organisations can massively increase the security of the system.
Credentials are the things used to authenticate a user’s identity in the access control system. There are three types of credentials:
- Something you have (like a a swipe card or tag)
- Something you know (like a PIN code or password)
- Something you are (like your fingerprint or iris patterns).
What are the threats for physical access control?
Access control systems prevent unauthorised users from accessing secure areas. The consequences in the case of a breach can be serious. Areas are usually secured because they house people, assets, or data that are important to the organisation. Anything that presents a risk to one or more of those things must be eliminated or reduced as much as possible.
If an access control system is breached, it is either through the misuse of a valid credential, or a more sophisticated cyber-attack. Multi-factor authentication cannot prevent hacking or other cyber-attacks, but it can significantly reduce risks of on-site breaches.
How MFA strengthens access control security
Implementing MFA in an access control system introduces a layered security strategy. Any potential intruder has to crack at least double the number of credentials to falsely gain access. According to research by Microsoft, MFA reduces the risk of account compromise by 99.2%. Even in the case of leaked credentials, the risk is reduced by 98.6% [2]. These figures apply to online accounts, but the principle and the impact remains the same for physical access control.
The most common credential used in access control systems is a swipe card. However, a swipe card on its own could be easily lost or stolen. In a single-factor authentication system, the loss of that one card poses a serious risk of a breach. Adding another layer of security, such as also requiring a PIN code or a fingerprint scan, mitigates that risk. It is highly unlikely that whoever found or stole the swipe card would also have access to that secondary credential.
For the highest level of security, biometric credentials offer inherent benefits. The user must be physically present to validate their fingerprint, face scan, iris pattern, or other feature. In addition, biometric credentials are extremely difficult to intercept, steal, or clone.
Benefits of implementing MFA in access control
Increased security
The primary benefit of implementing MFA in access control systems is the added security. Your system, when equipped with MFA, is more effective at only allowing authorised individuals to enter. It protects against intruders more robustly, and creates a more reliable system.
Greater user trust
The added reliability of a system using MFA translates to greater trust among the users. If people are certain that their buildings are secure, they feel safer and more comfortable. Any anxiety about security risks is assuaged. And when people feel more secure, they perform at their best.
Compliance with regulations
In the UK and the European Union, the General Data Protection Regulation (GDPR) sets out clear rules for data protection and privacy. One of the stipulations of GDPR is that organisations must implement appropriate technical and operational measures to secure personal data. If a business is storing personal data on its premises, MFA at the building’s access points contributes to the protection of that data.
Possible challenges to consider
Balancing security and convenience
MFA improves security. Of that, there is no doubt. However, it has the opposite effect on the convenience of the access control system. Adding another credential requirement at least doubles the amount of time it takes each person to use the system. In some environments, for example a busy office with lots of people arriving and leaving at the same time each day, this might cause problems. However, in a military institution, it is likely that the security of the system would be prioritised over individual convenience. Every access control installation must carefully balance these factors and adapt them to the unique circumstances of the project.
Costs of implementation
As with any system change or implementation, there is a cost associated with MFA in access control. In addition, an organisation must plan carefully for such a change and prepare resources and budgets for guiding users through it. However, every organisation must consider the long-term benefits of such an investment. And that’s not to mention the mitigated costs of potential security breaches.
Privacy concerns for biometric data
If your plans for MFA include biometric credentials, then privacy concerns must be addressed. Many people are uncomfortable with giving out their biometric data. They have valid concerns about the security of that data in computer systems. However, many of those concerns are guided by misconceptions. High-quality biometric access control solutions such as ievo fingerprint readers are equipped with built-in security features that ensure fingerprint data is safe.
Your next steps for adopting MFA
Multi-factor authentication is an easy way to significantly increase the security of any access control system. It massively reduces the risk of unauthorised individuals gaining access to secure areas. Nonetheless, any organisation considering implementing MFA needs to think carefully about it. While it beefs up security, it also reduces the convenience of the system for users. So MFA might not be appropriate for every door in every building.
Solutions for implementing MFA
CDVI offers a range of solutions for multi-factor authentication. Here’s a quick list of the key components you need for each combination:
Proximity and PIN
To require users to swipe a proximity card and input a PIN code, you’ll need:
- ATRIUM A22K controller
- A card reader (e.g. K2 or SOLAR-PB)
- A Wiegand-enabled keypad (e.g. GALEO-W)
Alternatively, you could use one of our combined reader-keypads, such as the SOLAR-KPB or, for a higher security encrypted solution, the K4.
Facial recognition and proximity card OR facial recognition and PIN
To require users to match a facial recognition camera and swipe a proximity card, you’ll need:
Fingerprint and proximity
To require users to scan their fingerprint and swipe a proximity card, you’ll need:
- ATRIUM A22K controller
- A fingerprint reader with card reader function (e.g. IEVO-U+ or IEVO-M+)
- IEVO-MB biometric control board
For even more robust security, our ievo biometrics range offers a ‘template on card’ function. Normally, all the saved fingerprint templates are kept on the IEVO-MB interface board, which is stored on the secure side of the door. In a ‘template on card’ installation, the board doesn’t store any templates at all. Each user is issued a swipe card which contains their fingerprint template data. When they arrive at the access point, they present the card, and the template data is sent to the interface board. Then, the user scans their fingerprint as normal and the system ensures that it matches the template. If so, they are granted entry. Finally, the temporarily saved template is deleted again, clearing the board’s memory.
To find out more about multi-factor authentication in physical access control, book a demo with our expert team 👇