When you have custom or legacy applications that don't support standard authentication protocols, it can feel like you're facing an impossible choice: Keep the apps you depend on, or keep your organization secure. Maybe you'd like to add another layer of security, such as multi-factor authentication, to make those on-premises apps more secure. But if the apps don't support protocols like SAML or RADIUS, that's a pretty tall order; by which I mean it will take a lot of very expensive development time and effort.

On the other hand, you can't very well just leave custom and legacy apps secured by nothing more than a username-and-password combination. That's putting your organization at tremendous risk, when you consider that 81 percent of hacking-related data breaches leverage stolen or weak passwords. Even if those apps are behind the firewall, all it takes is one hacker with stolen credentials to break through, and the apps–and the valuable data they contain–become instantly vulnerable to a breach.

MFA-Firewall Integration: A Great Alternative to Two Bad Choices

So what'll it be? Bite the bullet and undertake a development effort to manually add multi-factor authentication to legacy and custom apps? Or just stick with a credentials-based approach to security, and hope for the best?

If you go with the first alternative, be prepared to devote considerable resources to custom-code multi-factor authentication for apps that don't natively support SAML or RADIUS authentication protocols. And be prepared to tolerate the trade-offs with business priorities that also require those resources.

If you go the other route, and stick with just a credentials-based approach, be prepared to accept being sorely unprepared for the fallout if a hacker attacks. And that's not really a very big "if," considering how common credentials-based attacks have become.

So much for the bad choices. What about that great alternative promised above?

Advantages of Integrating MFA with a Next-Generation Firewall

Instead of adding multi-factor authentication at the application level, where development time and costs can be prohibitive, consider doing it at the network level, through a next-generation firewall integration. This will allow the firewall to enforce multi-factor authentication, so user identity and access privileges can be confirmed before access is ever granted.

With the next-generation firewall acting as an authentication gateway, there's no need to update the apps themselves with multi-factor authentication. And you not only improve app security, you also help support compliance with regulations that require implementation of controls to protect sensitive information. Given all the regulations that focus on protection of personal data these days, that's not inconsequential.

Next time you catch yourself thinking there are no good choices for making legacy and custom apps more secure, consider a next-generation firewall with integrated multi-factor authentication capabilities. In a world of lesser evils, it's a much more attractive alternative.

Learn more about using multi-factor authentication to transform secure access for today's challenges in the RSA webinar series Access Transformation in Action, continuing through July 25 and available on demand after that date.

This is the last in a series of posts about transforming secure access in five key areas to address today's changing access landscape. Visit the RSA website to learn more about multi-factor authentication to secure access from cloud to ground, and check out the RSA webinar series Access Transformation in Action.