Votes Increase for Election Security with Multifactor Authentication

Breaches in election security have unfortunately become our new reality. In 2016, America’s elections were targeted by a “foreign nation-state” intent on infiltrating and manipulating our electoral system. In fact, the U.S. Department of Homeland Security (DHS) notified 21 states that they were targeted by hackers during that election year. Security experts continue to warn us about ongoing threats to the U.S. election system.

It won’t be long until security and its role in the election process again takes center stage, especially when it comes to local- and state-level elections. The
recent impact of COVID-19 has forced numerous states to delay their primary elections or decide to rely on mail-in ballots. Because of the enormous
skepticism surrounding mail-in ballots and their authenticity, state- and local-election organizations are looking for digital solutions―along with reliable cybersecurity measures―to help them offer a safe and accurate voting process.

Due to the immense pressure to prevent unauthorized access to sensitive data and other personal information associated with elections, security experts agree multifactor authentication (MFA) is one of the strongest technology investments that state and local government agencies can make. While there are a number of states across the country that have already adopted MFA for their election security, unfortunately, the majority has not.

The Recognized Strength of Multifactor Authentication 

MFA is a layered approach to securing data, accounts and transactions where a system or network requires a user to present a combination of two or more credentials to then verify that user’s identity for login. The approach relies on the concept that even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the targeted system or network.

In that respect, MFA is a security technology that can significantly strengthen election security for state and local elections because it makes it more difficult for a potential hacker to gain access to secure databases, applications, and other election infrastructure assets. A document on MFA published by the U.S. Department of Homeland Security specifically states that “MFA can help prevent adversaries from gaining access to an organization’s assets even if passwords are compromised through phishing attacks or other means, and that each factor of authentication added to the login process increases security.”

Integrating MFA into the Election Process

There are numerous supporting security practices that work well with MFA. The options can range from incorporating a single sign-on environment to using out-of-band authentication factors, for example, that involve time-limited and single-use codes delivered by email, phone or text messages.

When it comes to state and local election activities, organizations and agencies should look to add MFA security wherever remote login may be required to access internal networks, systems or user accounts to include various channels such as Wi-Fi, Virtual Private Networks (VPNs), and dial-up. That authenticated access should also include voter registration, election-night reporting and other election-office IT systems.

How to Choose the Right MFA Solution

So now the case has been made for how MFA can strengthen election security, it bodes the question of how to choose the best one. The most sophisticated MFA solutions combine behavioral profiling, device identification and calculated risk factors to automate the authentication process in a transparent yet powerful manner.

While many security vendors claim to offer MFA technology, below are four tips for choosing an MFA solution provider:

1. Differentiate between providers that “offer” and “own” MFA technology versus those that work with another third-party vendor to provide that service.
2. Determine exactly what MFA options are provided as well as any premium prices to get what you want. Desirable options include the ability to communicate with the end user by landline, email or text message and perhaps using an app to support the use of biometrics.
3. Ensure that that behavioral monitoring and analytics are available to keep the process smooth (i.e., having the ability to recognize a user and match key
   items in the login path with the current access profile).
4. Beware of vendors that don’t offer a free, full proof-of-concept to corroborate what they tell you they can do.

With an experienced vendor―offering robust and proven MFA technology―state and local agencies can quickly be ready to protect their elections from cybersecurity threats.