Will remote work security accelerate the expansion of strong MFA?


Since March 2020, a completely new IT security landscape started to emerge. Priorities changed, great emphasis started to be placed on remote work security and protecting the accounts of employees working from home. Since then, strong two-factor authentication (2FA) and multi-factor authentication (MFA) started to gain popularity and the vision of a passwordless future started to become something that will actually happen one day.

Until not so long time ago, MFA was the icing on the cybersecurity cake. Large and medium-sized companies usually reached for this it to protect the most important applications and those that were most at risk of a potential attack. Therefore, webmail clients (such as Outlook Web Access) or web VPN tools were the applications most often chosen as the first to be equipped with a 2FA.

Something that was an interesting addition in February 2020, a few months later, due to the global situation of forced remote work, has rapidly started to grow in popularity.

In the first week of March, when a national quarantine was announced, one of our clients came to us with a request to secure access for 3,000 employees who were sent to work remotely. In response, we introduced additional strong authentication to their accounts so that each employee would have to use the authentication application (Google Authenticator) or cryptographic key (FIDO U2F) during the login process. The authentication method was adjusted to the rank of the employee. People with a higher priority for data protection received cryptographic key security, the rest of employees – an authentication application. Two web applications indicated by the client were secured in this way, and the entire implementation took 2 days, which was a key aspect of this implementation. – says Marcin Szary, CTO of Secfense.

Is two-factor authentication effective?

People who live in one of the countries of the European Union and have an online bank account know what strong two-factor authentication is. In 2019, the EU directive forced all banks in EU to introduce logging into online banking by using two-factor authentication (SMS or banking application). As a result, every customer must additionally confirm their identity with a second factor.

Professionals who deal with cybersecurity, however, may have heard that some 2FA methods (based on one-time passwords) have already been compromised in the past.

Is it worth investing in two-factor authentication?

This anology was a good one during pandemic times. The second component is like a protective face mask. While methods based on one-time passwords are like simple fabric masks, which, although they add an additional layer, do not provide full security, methods based on FIDO2 cryptographic keys are like emergency medical suits. There is no method on this planet that hackers will sooner or later break, but the economy of the attack is simply to big. Accounts protected with FIDO authentication are also sometimes referred as 100% phishing proof because of that. Criminals will rather look for accounts protected only with passwords or weak 2FA like TOTP then waste time on biometric authentication or cryptrographic U2F/FIDO2 keys protected apps.

Problems with a two-factor authentication adoption

If there are strong two-factor authentication methods that completely eliminate the risk of phishing and credential theft then why have they not become the standard yet? Why in the era of forced remote work, companies are beginning to deal with the adoption of these methods on a large scale and have not done it earlier?

MFA implementation has been difficult and required large investments. Each application that was supposed to be protected with the second factor required additional programming work. In some cases, this authentication method was simply not possible at all (e.g. administrative panels or legacy systems).

Adoption based on FIDO U2F security keys was done either in companies with almost unlimited budgets for cybersecurity (as in Google corporation, where since 2017 more than 85,000 employees use cryptographic security keys) or in institutions with the highest cyberattack risks (such as the government of the United Kingdom, Turkey, the US Department of Defense, and numerous international banks).

What has changed?

A cybersecurity company from the EU, which in 2018 began to work on a solution that facilitates the process of adopting the second factor, has now reported significant growth of inquiries related to quick MFA adoption and help in transforming organizations to passwordless.

Since mid-March 2020 we have noted several times more interest in our product. Until just recently, we knocked on our customers’ door trying to get them interested in our technology. Since the pandemic and the rise of remote work customers reach out to us. In March, we were invited to work for two large financial institutions and one e-commerce company. We are at the stage of pilot implementations in five companies and we have already completed several projects, such as the last implementation in PKP Intercity (the biggest railway company in Poland) – says Tomasz Kowalski, CEO of Secfense.

The sudden increase in interest in Secfense and its core product User Access Security Broker is directly related to the increase in demand for strong authentication. Secfense broker addresses the problem of a difficult adoption of MFA and makes it possible to deploy it at scale and with no coding.

What is a user access authentication broker?

User Access Authentication Broker is a tool that allows you to use any strong authentication method (modern the FIDO2 standard, and U2F cryptographic keys as well is sometimes required by our customer’s older methods like SMS or TOTP) and MFA to any web application. The difference of Secfense UASB approach compared to the traditional MFA implementation is that in the first case the programming stage is completely eliminated. Hence, the implementation of any method takes only a few minutes and is easily repeatable (scalable) to any number of web applications in the company.

Regardless of whether the organization decides to protect corporate mail, web VPN service, legacy system, or administrative desktops – the implementation in each case takes only a few minutes, regardless of the number of protected users and regardless of the architectural complexity of the application.

The standard projects we work on now are 1 to 20 applications and 100 to 5000 users. However, these numbers are fully determined according to the needs of a specific client – says Tomasz Kowalski – The authentication method that a given user will be able to use remains always available to the administrator on the client’s side. The customer receives access to the package of all the above-mentioned methods and can configure them at any time based on the company’s internal security policies.

It is also important that the security broker does not store user passwords at any stage, unlike password managers or PAM (Privileged Access Management) systems. In many cases, this is the decisive argument for choosing this type of technology.

What’s next? Learn more and decide what’s the best way to for your business

Since pre-emptive actions are extremely important, there’s a huge effort worldwide put into communication, education, and informing people about new cybersecurity standards. One of the standards that still doesn’t get as much attention as it should is the open web authentication standard called FIDO2. So if there was one thing you could do after reading this story is to learn a bit more about it and then decide if and where you could use it.

If you would like to dig deeper and you are wondering:

  • How exactly does the authentication broker work?
  • What does the implementation and support of this type of solution look like?
  • How to get multi-factor authentication for remote access?
  • How to manage two-factor authentication methods in a company?

Then we recommend scheduling a discovery call with us. We will address all the questions and will also tell you more about microauthorizations, full site protection, and various use cases where it makes the most sense to consider user access security broker and take advantage of the huge potential of the FIDO2 standard.

Antoni takes care of all the marketing content that comes from Secfense. Read More


We are faced with new challenges every day. We must always be one step ahead of the attackers and know what they are going to do before they do it. We are convinced that the User Access Security Broker will bring security to a new level, both for those working at the office and from home. For us, working with Secfense is an opportunity to exchange experience with developers who put great value on out-of-the-box thinking.

Krzysztof Słotwiński

Business Continuity and Computer Security Officer

BNP Paribas Bank Poland

As part of the pre-implementation analysis, we verified that users utilize a wide range of client platforms: desktop computers, laptops, tablets, smartphones, and traditional mobile phones. Each of these devices differs in technological advancement, features, and level of security. Because of this, and also due to the recommendation of the Polish Financial Supervision Authority (UKNF), we decided to introduce additional protection in the form of multi-factor authentication mechanisms based on FIDO. As a result, users of our applications can log in safely, avoiding common cyber threats such as phishing, account takeover, and theft of their own and their clients’ data.

Marcin Bobruk



We are excited to partner with Secfense to enhance our user access security for our web apps. By integrating their User Access Security Broker, we ensure seamless and secure protection for our applications and systems, delivering superior security and convenience to our customers.

Charm Abeywardana

IT & Infrastructure

Visium Networks

Before investing in Secfense, we had the opportunity to talk to its existing clients. Their reactions were unanimous: wow, it’s so easy to use. We were particularly impressed by the fact that implementing their solution does not require the involvement of IT developers. It gives Secfense a huge advantage over the competition, and at the same time opens the door to potential customers who so far were afraid of changes related to the implementation of multi-factor authentication solutions.

Mateusz Bodio

Managing Director


Even when the network and infrastructure are secured enough, social engineering and passwords can be used to gain control of the system by attackers. Multifactor authentication is the current trend. Secfense addresses this and allows you to build zero trust security and upgrade your current systems to passwordless applications within minutes, solving this problem right away,” said Eduard Kučera, Partner at Presto Ventures and cybersecurity expert – former Director in hugely successful Czech multinational cyber security firm Avast.

Eduard Kučera


Presto Ventures

One of the biggest challenges the world is facing today is securing our identity online. That’s why we were so keen to have Secfense in our portfolio. They make it possible to introduce strong authentication in an automated way. Until now, organizations had to selectively protect applications because the deployment of new technology was very hard, or even impossible. With Secfense, the implementation of multi-factor authentication is no longer a problem, and all organizations can use the highest standards of authentication security.

Stanislav Ivanov

Founding Partner

Tera Ventures

Two-factor authentication is known to be one of the best ways to protect against phishing; however, its implementation has always been difficult. Secfense helped us solve that problem. With their security broker, we were able to introduce various 2FA methods on our web applications at once.

Dariusz Pitala

Head of IT