December 21, 2016 By Douglas Bonderud 2 min read

Passwords remain a critical part of corporate security, but are vilified by IT experts as one of the weakest links in the defensive chain. That’s because users tend to pick common words and phrases to streamline the login process, opening the door for cybercriminals.

According to Infosecurity Magazine, however, there is hope on the horizon. According to a recent SecureAuth survey, 93 percent of organizations are now using multifactor authentication (MFA) to protect users and networks alike. While this isn’t a silver bullet, it’s a step in the right direction, since passwords are past their prime.

Emerging Expectations

The survey revealed that 30 percent of businesses plan to increase MFA adoption through 2017. Additionally, 51 percent of respondents said they use multifactor tools across the organization, while 38 percent said they’ve implemented these solutions in “some areas.”

Big companies are quicker to make the move. Organizations with more than 2,500 employees tend to opt for MFA over standard two-factor authentication, while companies in the 250 to 2,499 range are “very interested,” with 41 percent planning to implement or expand their MFA deployments.

Smaller companies, meanwhile, are more reticent, with over 20 percent opting out of MFA. Still, 82 percent of all respondents said they’re concerned about the misuse of stolen, legitimate credentials.

According to Keith Graham of SecureAuth, multifactor is now a must-have, Infosecurity Magazine reported. “Using a second factor can be a deterrent but is no longer enough against attacks, and organizations must evolve their methods to safeguard critical points of access,” he said.

Multifaceted Multifactor Authentication

The first step in pumping up password protection is typically the adoption of one-time SMS messages to help authenticate legitimate users. The problem is that SMS texts can be easily snooped or hijacked. According to CIO, the National Institute of Standards and Technology (NIST) recently updated its authentication guidelines to dissuade organizations from using SMS, especially as the only other factor in login attempts.

Thankfully, the burgeoning multifactor authentication market is also driving innovation. According to Network World, for example, SecureAuth developed a new type of MFA called symbol-to-accept, which replaces user-friendly (but also fraudster-friendly) push-to-accept solutions.

Symbol-to-accept gives users a small selection of “accept” buttons, each displaying a unique symbol. The user selects the one that matches the symbol on the computer login screen.

Biometrics Booming

Biometrics is another area of significant interest for multifactor authentication. GCN reported that 600 million devices will use some kind of biometric authentication by 2021, with facial and voice recognition getting the most support since they don’t require any additional hardware. Paired with standard passwords and refreshed authentication, biometric solutions could help close the gap between user experience and network defense.

A word of warning, however: Biometrics aren’t foolproof. Already, law enforcement agencies have cracked fingerprint-protected phones using digital prints and ink capable of mimicking skin conductivity, while virtual reality tools can fool facial recognition systems.

Passwords aren’t enough on their own, and they haven’t been for years. Two-factor authentication is a step in the right direction, but the best way to frustrate attackers without inconveniencing employees is to adopt MFA tools that rely on multiple data sources to create an authentication profile.

It’s a strength in numbers scenario. In concert, multiple authentication factors can drown out all but the most determined data criminals.

More from

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today