August 12, 2014 By Douglas Bonderud 3 min read

The global multifactor authentication (MFA) market is predicted to reach more than $10 billion by 2017 as three-, four- and five-factor authentication systems gain prominence. Part of this growth can be attributed to the rise of biometric security services, such as fingerprint, retina and facial scanning. A recent Markets and Markets report found that all authentication methods using more than two factors included some form of biometric scanning. However, despite such big-value estimates, some experts argue that the model itself is flawed — will some or all of these innovations get scrapped before they reach enterprises?

The Magic Number

Right now, 90 percent of the MFA market belongs to two-factor authentication. These “standard” methods include passwords, hardware tokens and PINs, although some systems do employ a secondary biometric scan. With a predicated compound annual growth rate of 19.67 percent over the next three years, however, it’s clear that the other 10 percent — and the biometric technology needed to support them — will play a large role. As it stands, three-factor authentication is mostly used in bank lockers and immigration, while four- and five-step methods only make an appearance in high-level government operations. Part of the problem is cost since it’s often prohibitive for a small business to roll out full facial recognition or install high-level fingerprint scanners.

Consider Homeland Security’s most recent project, an airport biometric scanning program that costs at least $7 billion. Slate notes that government officials are currently testing the “exit” portion of the system, which uses facial and iris recognition to identify non-U.S. citizens when they leave the country. Ideally, this would help Customs and Border Protection keep track of visa holders and make sure they are obeying any restrictions.

Opponents of the system argue that most illegal immigrants and militant threats don’t enter or leave through airports and that those overstaying their visa welcome typically don’t leave at all. Still, the plan is to roll out the system in 10 airports by 2015 despite claims that a similar system offered only 85 percent accuracy and worries about whether confirming identities is its main purpose.

Bring-Your-Own-Multifactor-Authentication

However, according to a Network World article, the biggest threat to the growth of multifactor authentication is top-down thinking. It’s a familiar model: Security companies or C-suite executives mandate how, when and where employees authenticate their identity, and employees comply. The problem? In an acronym, BYOD. When Apple and Android became household names, employees started demanding network access at work. Now, these same devices not only feature authentication software, but — at least in Apple’s case — they are trying to leverage new identity attributes, such as location. Consumer interest is also driving the authentication market: Customers want better access to banks and e-commerce services without exposing themselves to undue risk. Is bring-your-own-authentication (BYOA) the next step forward?

The idea has merit, certainly. Mobile users want access on the run, not just while they are sitting at a desk or after “checking in” with company headquarters. But physical location is a fundamental constant of MFA: Employees must be in the building, physically present at a scanner to properly identify themselves. Part of this is cost savings, and part is human oversight; other workers, security guards and even cleaning staff often have a passing familiarity with most employees and a natural distrust of anyone unknown to them. Taking authentication off site opens up the possibility of remote deception without the fallback of scrutiny from other users.

There is little doubt that the multifactor authentication market will continue to grow as companies look for ways to empower users while still ensuring they aren’t impostors. The speed of this growth, however, will be determined by the flexibility of the biometric solutions developed and how well they integrate with the prevailing BYOD culture of corporate environments.

More from

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Quishing: A growing threat hiding in plain sight

4 min read - Our mobile devices go everywhere we go, and we can use them for almost anything. For businesses, the accessibility of mobile devices has also made it easier to create more interactive ways to introduce new products and services while improving user experiences across different industries. Quick-response (QR) codes are a good example of this in action and help mobile devices quickly navigate to web pages or install new software by simply scanning an image.However, legitimate organizations aren’t the only ones…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today