The global multifactor authentication (MFA) market is predicted to reach more than $10 billion by 2017 as three-, four- and five-factor authentication systems gain prominence. Part of this growth can be attributed to the rise of biometric security services, such as fingerprint, retina and facial scanning. A recent Markets and Markets report found that all authentication methods using more than two factors included some form of biometric scanning. However, despite such big-value estimates, some experts argue that the model itself is flawed — will some or all of these innovations get scrapped before they reach enterprises?

The Magic Number

Right now, 90 percent of the MFA market belongs to two-factor authentication. These “standard” methods include passwords, hardware tokens and PINs, although some systems do employ a secondary biometric scan. With a predicated compound annual growth rate of 19.67 percent over the next three years, however, it’s clear that the other 10 percent — and the biometric technology needed to support them — will play a large role. As it stands, three-factor authentication is mostly used in bank lockers and immigration, while four- and five-step methods only make an appearance in high-level government operations. Part of the problem is cost since it’s often prohibitive for a small business to roll out full facial recognition or install high-level fingerprint scanners.

Consider Homeland Security’s most recent project, an airport biometric scanning program that costs at least $7 billion. Slate notes that government officials are currently testing the “exit” portion of the system, which uses facial and iris recognition to identify non-U.S. citizens when they leave the country. Ideally, this would help Customs and Border Protection keep track of visa holders and make sure they are obeying any restrictions.

Opponents of the system argue that most illegal immigrants and militant threats don’t enter or leave through airports and that those overstaying their visa welcome typically don’t leave at all. Still, the plan is to roll out the system in 10 airports by 2015 despite claims that a similar system offered only 85 percent accuracy and worries about whether confirming identities is its main purpose.

Bring-Your-Own-Multifactor-Authentication

However, according to a Network World article, the biggest threat to the growth of multifactor authentication is top-down thinking. It’s a familiar model: Security companies or C-suite executives mandate how, when and where employees authenticate their identity, and employees comply. The problem? In an acronym, BYOD. When Apple and Android became household names, employees started demanding network access at work. Now, these same devices not only feature authentication software, but — at least in Apple’s case — they are trying to leverage new identity attributes, such as location. Consumer interest is also driving the authentication market: Customers want better access to banks and e-commerce services without exposing themselves to undue risk. Is bring-your-own-authentication (BYOA) the next step forward?

The idea has merit, certainly. Mobile users want access on the run, not just while they are sitting at a desk or after “checking in” with company headquarters. But physical location is a fundamental constant of MFA: Employees must be in the building, physically present at a scanner to properly identify themselves. Part of this is cost savings, and part is human oversight; other workers, security guards and even cleaning staff often have a passing familiarity with most employees and a natural distrust of anyone unknown to them. Taking authentication off site opens up the possibility of remote deception without the fallback of scrutiny from other users.

There is little doubt that the multifactor authentication market will continue to grow as companies look for ways to empower users while still ensuring they aren’t impostors. The speed of this growth, however, will be determined by the flexibility of the biometric solutions developed and how well they integrate with the prevailing BYOD culture of corporate environments.