December 21, 2016 By Douglas Bonderud 2 min read

Passwords remain a critical part of corporate security, but are vilified by IT experts as one of the weakest links in the defensive chain. That’s because users tend to pick common words and phrases to streamline the login process, opening the door for cybercriminals.

According to Infosecurity Magazine, however, there is hope on the horizon. According to a recent SecureAuth survey, 93 percent of organizations are now using multifactor authentication (MFA) to protect users and networks alike. While this isn’t a silver bullet, it’s a step in the right direction, since passwords are past their prime.

Emerging Expectations

The survey revealed that 30 percent of businesses plan to increase MFA adoption through 2017. Additionally, 51 percent of respondents said they use multifactor tools across the organization, while 38 percent said they’ve implemented these solutions in “some areas.”

Big companies are quicker to make the move. Organizations with more than 2,500 employees tend to opt for MFA over standard two-factor authentication, while companies in the 250 to 2,499 range are “very interested,” with 41 percent planning to implement or expand their MFA deployments.

Smaller companies, meanwhile, are more reticent, with over 20 percent opting out of MFA. Still, 82 percent of all respondents said they’re concerned about the misuse of stolen, legitimate credentials.

According to Keith Graham of SecureAuth, multifactor is now a must-have, Infosecurity Magazine reported. “Using a second factor can be a deterrent but is no longer enough against attacks, and organizations must evolve their methods to safeguard critical points of access,” he said.

Multifaceted Multifactor Authentication

The first step in pumping up password protection is typically the adoption of one-time SMS messages to help authenticate legitimate users. The problem is that SMS texts can be easily snooped or hijacked. According to CIO, the National Institute of Standards and Technology (NIST) recently updated its authentication guidelines to dissuade organizations from using SMS, especially as the only other factor in login attempts.

Thankfully, the burgeoning multifactor authentication market is also driving innovation. According to Network World, for example, SecureAuth developed a new type of MFA called symbol-to-accept, which replaces user-friendly (but also fraudster-friendly) push-to-accept solutions.

Symbol-to-accept gives users a small selection of “accept” buttons, each displaying a unique symbol. The user selects the one that matches the symbol on the computer login screen.

Biometrics Booming

Biometrics is another area of significant interest for multifactor authentication. GCN reported that 600 million devices will use some kind of biometric authentication by 2021, with facial and voice recognition getting the most support since they don’t require any additional hardware. Paired with standard passwords and refreshed authentication, biometric solutions could help close the gap between user experience and network defense.

A word of warning, however: Biometrics aren’t foolproof. Already, law enforcement agencies have cracked fingerprint-protected phones using digital prints and ink capable of mimicking skin conductivity, while virtual reality tools can fool facial recognition systems.

Passwords aren’t enough on their own, and they haven’t been for years. Two-factor authentication is a step in the right direction, but the best way to frustrate attackers without inconveniencing employees is to adopt MFA tools that rely on multiple data sources to create an authentication profile.

It’s a strength in numbers scenario. In concert, multiple authentication factors can drown out all but the most determined data criminals.

More from

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today