August 12, 2014 By Douglas Bonderud 3 min read

The global multifactor authentication (MFA) market is predicted to reach more than $10 billion by 2017 as three-, four- and five-factor authentication systems gain prominence. Part of this growth can be attributed to the rise of biometric security services, such as fingerprint, retina and facial scanning. A recent Markets and Markets report found that all authentication methods using more than two factors included some form of biometric scanning. However, despite such big-value estimates, some experts argue that the model itself is flawed — will some or all of these innovations get scrapped before they reach enterprises?

The Magic Number

Right now, 90 percent of the MFA market belongs to two-factor authentication. These “standard” methods include passwords, hardware tokens and PINs, although some systems do employ a secondary biometric scan. With a predicated compound annual growth rate of 19.67 percent over the next three years, however, it’s clear that the other 10 percent — and the biometric technology needed to support them — will play a large role. As it stands, three-factor authentication is mostly used in bank lockers and immigration, while four- and five-step methods only make an appearance in high-level government operations. Part of the problem is cost since it’s often prohibitive for a small business to roll out full facial recognition or install high-level fingerprint scanners.

Consider Homeland Security’s most recent project, an airport biometric scanning program that costs at least $7 billion. Slate notes that government officials are currently testing the “exit” portion of the system, which uses facial and iris recognition to identify non-U.S. citizens when they leave the country. Ideally, this would help Customs and Border Protection keep track of visa holders and make sure they are obeying any restrictions.

Opponents of the system argue that most illegal immigrants and militant threats don’t enter or leave through airports and that those overstaying their visa welcome typically don’t leave at all. Still, the plan is to roll out the system in 10 airports by 2015 despite claims that a similar system offered only 85 percent accuracy and worries about whether confirming identities is its main purpose.

Bring-Your-Own-Multifactor-Authentication

However, according to a Network World article, the biggest threat to the growth of multifactor authentication is top-down thinking. It’s a familiar model: Security companies or C-suite executives mandate how, when and where employees authenticate their identity, and employees comply. The problem? In an acronym, BYOD. When Apple and Android became household names, employees started demanding network access at work. Now, these same devices not only feature authentication software, but — at least in Apple’s case — they are trying to leverage new identity attributes, such as location. Consumer interest is also driving the authentication market: Customers want better access to banks and e-commerce services without exposing themselves to undue risk. Is bring-your-own-authentication (BYOA) the next step forward?

The idea has merit, certainly. Mobile users want access on the run, not just while they are sitting at a desk or after “checking in” with company headquarters. But physical location is a fundamental constant of MFA: Employees must be in the building, physically present at a scanner to properly identify themselves. Part of this is cost savings, and part is human oversight; other workers, security guards and even cleaning staff often have a passing familiarity with most employees and a natural distrust of anyone unknown to them. Taking authentication off site opens up the possibility of remote deception without the fallback of scrutiny from other users.

There is little doubt that the multifactor authentication market will continue to grow as companies look for ways to empower users while still ensuring they aren’t impostors. The speed of this growth, however, will be determined by the flexibility of the biometric solutions developed and how well they integrate with the prevailing BYOD culture of corporate environments.

More from

ONCD releases request for information: Open-source software security

3 min read - Open-source software is a collective partnership across the development community that requires both private and public buy-in. However, securing open-source software can be tricky. With so many different people working on the coding, security measures are often overlooked, increasing the chances that a vulnerability will fall through the cracks and be exploited. The Open-Source Software Security Initiative (OS31) aims to provide governance over open-source security processes.After the Log4Shell vulnerability, securing open-source software became a top priority for the federal government.…

How cyber criminals are compromising AI software supply chains

3 min read - With the adoption of artificial intelligence (AI) soaring across industries and use cases, preventing AI-driven software supply chain attacks has never been more important.Recent research by SentinelOne exposed a new ransomware actor, dubbed NullBulge, which targets software supply chains by weaponizing code in open-source repositories like Hugging Face and GitHub. The group, claiming to be a hacktivist organization motivated by an anti-AI cause, specifically targets these resources to poison data sets used in AI model training.No matter whether you use…

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today