For small businesses, offering customers accounts on their website is one way to provide a smoother shopping experience. Accounts and saved data often make it easier for customers to quickly buy what they need or review the purchases they’ve made. However, there are risks to holding on to customer data. Data breaches are becoming more common, and even small businesses need to think about how they can keep customer data safe. Multi-factor authentication (MFA) is one tool you can use to help keep customer data safe. This is how it works — and how you can set it up on your business’s website.
The Benefits of MFA
The primary advantage of MFA is that it makes it much, much harder for hackers to break into a user’s account. This is because MFA requires two “factors of authentication,” unlike single sign-on (SSO), which is the authentication method most sites still use.
With SSO, users just need one factor of authentication, which is usually their login credentials. If a hacker acquires a user’s password, there’s not much stopping them from stealing their account.
What MFA does is add an extra layer of protection: an additional factor of authentication to make sure a user is really who they claim to be. In addition to using something they “know” — their username and password — they also use something they “have” to log in.
That “something” can be a one-time PIN texted to their phone, a specific device, or even some kind of biometric identifier like their thumbprint.
There’s a handful of different MFA types. Some of the most popular kinds are:
- SMS token authentication.
- Email token authentication.
- Biometric ID.
- Voice authentication.
- Time-based one-time password (TOTP or OTP).
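The “know” plus “have” check described above, with TOTP as the second factor, is sketched here as an added example (it is not code from any platform discussed in this article). The user record, the function names and the PBKDF2 iteration count are assumptions; the secret is the published RFC 6238 test key.

```python
import base64, hashlib, hmac, os, struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def totp(secret_b32: str, at: int, digits: int = 6) -> str:
    """RFC 6238 code for Unix time `at`, using HMAC-SHA1."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", at // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    # Iteration count is an assumption for this sketch; tune it for your hardware.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def make_user(password: str, totp_secret_b32: str) -> dict:
    """Hypothetical user record; a real site keeps this in its database."""
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "totp_secret": totp_secret_b32, "last_step": -1}

def login(user: dict, password: str, code: str, now: int) -> bool:
    """Grant access only when BOTH factors check out."""
    knows = hmac.compare_digest(hash_password(password, user["salt"]),
                                user["pw_hash"])
    matched = None
    # Allow one step of clock drift either way, but refuse any step that was
    # already used, so a code seen once cannot be replayed.
    for step_no in (now // STEP - 1, now // STEP, now // STEP + 1):
        if step_no > user["last_step"] and hmac.compare_digest(
                totp(user["totp_secret"], step_no * STEP).encode(), code.encode()):
            matched = step_no
    if knows and matched is not None:
        user["last_step"] = matched  # burn the step only on a full success
        return True
    return False

# Constructed sample data: the secret is the published RFC 6238 test key.
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
```

A stolen password fails at `login` without the current code, and a code observed in transit fails once its time step has been used.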
Using MFA on both user and admin accounts is a great way to prevent data breaches, which can devastate small businesses.
There are some risks to using MFA. The more steps you add to a log-in process, the more likely customers are to back out. But these downsides are mostly outweighed by the security benefits the tech can offer.
Choosing a Type of Multi-Factor Authentication
Before you can choose an MFA platform, you need to decide what kind of MFA you want from your customers. Not all platforms support the same types of MFA, and knowing which one you’d like to use can help you reach a decision.
Compatibility will also probably be a key concern. Many major e-commerce platforms come with ready-made integration for MFA software.
However, this isn’t always true. For example, BigCommerce doesn’t feature native integration for popular MFA platform Auth0. If you use BigCommerce for your business website, you’ll either have to create a custom solution or pick a different MFA tool.
Multi-Factor Authentication Platforms
Once you’ve decided on the key features you want, you can pick out a platform for your small business website. These are a few of the most popular.
1. Amazon Cognito
Amazon Cognito is an authentication platform from Amazon.com. What sets this platform apart is its wealth of documentation and tutorials. You’ll also have access to Amazon’s support line if you find any part of the platform is too tricky to manage.
Amazon Cognito supports time-based one-time password (TOTP) authentication and SMS authentication.
2. Twilio Authy
Authy, from cloud communications provider Twilio, is another option for small businesses that want to implement MFA.
Consumers can download a Twilio app or install a Twilio browser extension that streamlines the MFA process on any sites that use Authy or Google Authenticator. This can help your business provide a very streamlined login experience, even with MFA.
Authy supports TOTP authentication as well as authentication via email, SMS, and voice.
3. Auth0
Auth0 is one of the largest MFA platforms available. Like Amazon Cognito, it includes a wide range of features and tools designed to make it user-friendly and easy to set up. Auth0 also has a significant amount of documentation and resources for users.
Auth0, however, will be more expensive than other solutions. If you’re willing to pay more for smoother MFA setup and management, the platform may be worth it.
The platform supports a range of authentication factors, including push notifications, SMS, voice notifications, email, TOTP, and WebAuthn.
4. Keycloak
Keycloak is a free and open-source software product that allows you to set up SSO and MFA. This tool is a better fit for business owners who want to do it all themselves and are comfortable using documentation and community support to set up a new tool.
By default, Keycloak only supports OTP MFA through Google Authenticator. The product can be extended to support other forms of MFA (like SMS), but this may take some work.
Once you’ve selected one of these solutions, you’ll need to get in touch with the vendor’s sales team or, in the case of Keycloak, download the tool straight from its site. Then you can use the company’s support and documentation to set up MFA with your e-commerce platform of choice.
Using MFA to Protect Your Customers’ Data
For small businesses, offering customers accounts on their website is one way to provide a smoother shopping experience. Accounts and saved data often make it easier for customers to quickly buy what they need or review the purchases they’ve made.
However, there are risks to holding on to customer data. Data breaches are becoming more common, and even small businesses need to think about how they can keep customer data safe.