Passwords remain a critical part of corporate security, but are vilified by IT experts as one of the weakest links in the defensive chain. That’s because users tend to pick common words and phrases to streamline the login process, opening the door for cybercriminals.
According to Infosecurity Magazine, however, there is hope on the horizon. According to a recent SecureAuth survey, 93 percent of organizations are now using multifactor authentication (MFA) to protect users and networks alike. While this isn’t a silver bullet, it’s a step in the right direction, since passwords are past their prime.
The survey revealed that 30 percent of businesses plan to increase MFA adoption through 2017. Additionally, 51 percent of respondents said they use multifactor tools across the organization, while 38 percent said they’ve implemented these solutions in “some areas.”
Big companies are quicker to make the move. Organizations with more than 2,500 employees tend to opt for MFA over standard two-factor authentication, while companies in the 250 to 2,499 range are “very interested,” with 41 percent planning to implement or expand their MFA deployments.
Smaller companies, meanwhile, are more reticent, with over 20 percent opting out of MFA. Still, 82 percent of all respondents said they’re concerned about the misuse of stolen, legitimate credentials.
According to Keith Graham of SecureAuth, multifactor is now a must-have, Infosecurity Magazine reported. “Using a second factor can be a deterrent but is no longer enough against attacks, and organizations must evolve their methods to safeguard critical points of access,” he said.
Multifaceted Multifactor Authentication
The first step in pumping up password protection is typically the adoption of one-time SMS messages to help authenticate legitimate users. The problem is that SMS texts can be easily snooped or hijacked. According to CIO, the National Institute of Standards and Technology (NIST) recently updated its authentication guidelines to dissuade organizations from using SMS, especially as the only other factor in login attempts.
Thankfully, the burgeoning multifactor authentication market is also driving innovation. According to Network World, for example, SecureAuth developed a new type of MFA called symbol-to-accept, which replaces user-friendly (but also fraudster-friendly) push-to-accept solutions.
Symbol-to-accept gives users a small selection of “accept” buttons, each displaying a unique symbol. The user selects the one that matches the symbol on the computer login screen.
Biometrics is another area of significant interest for multifactor authentication. GCN reported that 600 million devices will use some kind of biometric authentication by 2021, with facial and voice recognition getting the most support since they don’t require any additional hardware. Paired with standard passwords and refreshed authentication, biometric solutions could help close the gap between user experience and network defense.
A word of warning, however: Biometrics aren’t foolproof. Already, law enforcement agencies have cracked fingerprint-protected phones using digital prints and ink capable of mimicking skin conductivity, while virtual reality tools can fool facial recognition systems.
Passwords aren’t enough on their own, and they haven’t been for years. Two-factor authentication is a step in the right direction, but the best way to frustrate attackers without inconveniencing employees is to adopt MFA tools that rely on multiple data sources to create an authentication profile.
It’s a strength in numbers scenario. In concert, multiple authentication factors can drown out all but the most determined data criminals.