A recent survey conducted by the access management company SecureAuth has shown the use of multi-factor authentication to secure data is increasing in popularity, although passwords still appear to be favored by the majority of organizations.
Passwords are not secure. They can be guessed or cracked using brute force attacks. End users also find it difficult to remember passwords and many still use simplistic passwords to secure their accounts. As recent breaches and data dumps have shown, many users still choose “password”, “123456”, or equally easy-to-guess passwords for their accounts. Password recycling is also commonplace. If one web platform experiences a breach, the password can be used to gain access to multiple accounts. Often work passwords are used for personal sites and vice versa.
It is therefore unsurprising that the survey revealed the majority of IT professionals think passwords will be phased out at their organization in the next five years. 200 IT decision makers were asked about passwords and methods used to secure data. 69% said passwords would be abandoned altogether by 2021.
However, while many organizations have transitioned to multi-factor authentication to secure their assets, uptake has been relatively slow. Currently only 32% of companies said they use multi-factor authentication on at least three quarters of their assets. A further 27% said they use multi-factor authentication to protect between 50% and 75% of assets.
While it is taking some time to implement MFA, it is universally thought of as the best way to keep data secure. 99% of respondents felt two-factor authentication controls were the best method of protecting identities. Biometrics may show promise, although the cost is deemed by many to be prohibitive.
When asked what the main barriers were to implementing multi-factor authentication controls, respondents cited resistance from company executives, disruption to users’ routines, and the lack of resources to support maintenance.
However, times are a-changing. Major breaches at LinkedIn, Yahoo, MySpace, and numerous other online platforms that resulted in passwords and security questions being compromised have prompted many businesses to carefully consider changing their authentication processes. It may not be time to ditch passwords entirely, but many companies are now considering augmenting passwords with other identity controls.
As Craig Lund, SecureAuth CEO, explains, “Single-factor, password-based authentication – and even many traditional two-factor approaches – are no longer enough in today’s increasingly digital world.” With data breach costs now running to millions of dollars, passwords alone do not offer sufficient protection. As Lund says, “it’s in everyone’s best interest to make it more difficult for attackers to cause further damage to our economy.”