December 21, 2016 By Douglas Bonderud 2 min read

Passwords remain a critical part of corporate security, but are vilified by IT experts as one of the weakest links in the defensive chain. That’s because users tend to pick common words and phrases to streamline the login process, opening the door for cybercriminals.

According to Infosecurity Magazine, however, there is hope on the horizon. According to a recent SecureAuth survey, 93 percent of organizations are now using multifactor authentication (MFA) to protect users and networks alike. While this isn’t a silver bullet, it’s a step in the right direction, since passwords are past their prime.

Emerging Expectations

The survey revealed that 30 percent of businesses plan to increase MFA adoption through 2017. Additionally, 51 percent of respondents said they use multifactor tools across the organization, while 38 percent said they’ve implemented these solutions in “some areas.”

Big companies are quicker to make the move. Organizations with more than 2,500 employees tend to opt for MFA over standard two-factor authentication, while companies in the 250 to 2,499 range are “very interested,” with 41 percent planning to implement or expand their MFA deployments.

Smaller companies, meanwhile, are more reticent, with over 20 percent opting out of MFA. Still, 82 percent of all respondents said they’re concerned about the misuse of stolen, legitimate credentials.

According to Keith Graham of SecureAuth, multifactor is now a must-have, Infosecurity Magazine reported. “Using a second factor can be a deterrent but is no longer enough against attacks, and organizations must evolve their methods to safeguard critical points of access,” he said.

Multifaceted Multifactor Authentication

The first step in pumping up password protection is typically the adoption of one-time SMS messages to help authenticate legitimate users. The problem is that SMS texts can be easily snooped or hijacked. According to CIO, the National Institute of Standards and Technology (NIST) recently updated its authentication guidelines to dissuade organizations from using SMS, especially as the only other factor in login attempts.

Thankfully, the burgeoning multifactor authentication market is also driving innovation. According to Network World, for example, SecureAuth developed a new type of MFA called symbol-to-accept, which replaces user-friendly (but also fraudster-friendly) push-to-accept solutions.

Symbol-to-accept gives users a small selection of “accept” buttons, each displaying a unique symbol. The user selects the one that matches the symbol on the computer login screen.

Biometrics Booming

Biometrics is another area of significant interest for multifactor authentication. GCN reported that 600 million devices will use some kind of biometric authentication by 2021, with facial and voice recognition getting the most support since they don’t require any additional hardware. Paired with standard passwords and refreshed authentication, biometric solutions could help close the gap between user experience and network defense.

A word of warning, however: Biometrics aren’t foolproof. Already, law enforcement agencies have cracked fingerprint-protected phones using digital prints and ink capable of mimicking skin conductivity, while virtual reality tools can fool facial recognition systems.

Passwords aren’t enough on their own, and they haven’t been for years. Two-factor authentication is a step in the right direction, but the best way to frustrate attackers without inconveniencing employees is to adopt MFA tools that rely on multiple data sources to create an authentication profile.

It’s a strength in numbers scenario. In concert, multiple authentication factors can drown out all but the most determined data criminals.

More from

How will the Merck settlement affect the insurance industry?

3 min read - A major shift in how cyber insurance works started with an attack on the pharmaceutical giant Merck. Or did it start somewhere else?In June 2017, the NotPetya incident hit some 40,000 Merck computers, destroying data and forcing a months-long recovery process. The attack affected thousands of multinational companies, including Mondelēz and Maersk. In total, the malware caused roughly $10 billion in damage.NotPetya malware exploited two Windows vulnerabilities: EternalBlue, a digital skeleton key leaked from the NSA, and Mimikatz, an exploit…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

ICS CERT predictions for 2024: What you need to know

4 min read - As we work through the first quarter of 2024, various sectors are continuously adapting to increasingly complex cybersecurity threats. Sectors like healthcare, finance, energy and transportation are all regularly widening their digital infrastructure, resulting in larger attack surfaces and greater risk exposure.Kaspersky just released their ICS CERT Predictions for this year, outlining the key cybersecurity challenges industrial enterprises will face in the year ahead. The forecasts emphasize the persistent nature of ransomware threats, the increasing prevalence of cosmopolitical hacktivism, insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today