Findings show 74 percent of respondents who use two-factor authentication admit that they receive complaints
IRVINE, Calif. – Jan. 11, 2017 – SecureAuth® Corporation, the leader in adaptive access control, today announced the results of a survey that reveals challenges associated with two-factor authentication (2FA). Commissioned in conjunction with Amplitude Research, the responses surveyed 300 IT decision makers and cybersecurity professionals on industry perspectives and concerns with 2FA.
When considering the impact on end users, 74 percent of respondents who use 2FA admit that they receive complaints about 2FA from their users – and nearly 10 percent of them just “hate it.” This is a noticeable turnaround from a 2016 SecureAuth survey, which revealed 99 percent of IT departments believed two-factor authentication was the best way to protect an identity and its access.
“It’s not surprising that organizations are receiving an increasing amount of complaints about 2FA,” said Craig Lund, CEO and founder of SecureAuth. “IT professionals face an ongoing battle as they are frequently forced to choose between user experience and increased security. This should be a false paradigm in 2017. Adaptive authentication solutions provide world-class security without impacting usability. That’s because risk checks are done without users even being aware of it — and two-factor authentication is applied only if risks are detected.”
Adaptive Authentication on the Rise
The survey also reveals that while organizations are using 2FA in many instances, IT decision makers are moving towards adaptive authentication. While 56 percent of organizations are using 2FA in some capacity – either across the organization or in certain areas, 37 percent are using adaptive authentication. In addition, a further 16 percent are preparing to implement or expand adaptive authentication in the next 12 months. When examining large organizations (2,500 or more employees), the usage of adaptive rises to 41 percent. Additionally, 20 percent of medium-sized businesses, those with 250-2,499 employees) are planning to implement or expand adaptive authentication in 2017.
“These findings indicate there is an upheaval for adaptive authentication solutions beyond 2FA and the traditional password,” says Lund. “Organizations are already implementing stronger methods of user authentication, including adaptive access control and multi-factor authentication. By layering adaptive techniques such as device recognition, geo-location, the use of threat services, and even behavioral biometrics, organizations can verify the true identity of the end user while still providing positive user experience.”
Smaller Organizations Have Cybersecurity Concerns, But Lack Implementation
IT decision makers from small organizations were significantly less likely than those from larger organizations to implement or expand adaptive authentication in the next 12 months (24 percent and 42 percent, respectively). Despite their lack of implementation, 73 percent of the respondents from small organizations said they were concerned about the potential misuse of stolen credentials and identities to access their organization’s assets and information. A key component for this contrast may be found in cybersecurity spending, for example SecureAuth’s December 2016 survey revealed a slowing in budget increases between 2015 and 2016. It is clear that smaller budgets have left small organizations vulnerable to breaches by way of stolen credentials.
The SecureAuth survey was conducted by Amplitude Research (www.amplituderesearch.com ) and administered to 300 cybersecurity professionals or IT decision-makers in November 2016. Results of any sample are subject to sampling variation.
SecureAuth is the leader in adaptive access control solutions, empowering organizations to determine identities with confidence. SecureAuth provides strong identity security while minimizing disruptions to the end-user. SecureAuth has been providing SSO, multi-factor and adaptive authentication solutions for over a decade. For the latest insights on adaptive access control, follow the SecureAuth blog, follow @SecureAuth on Twitter and on LinkedIn.
SecureAuth® is a registered trademark in the United States and/or other countries.