User Adoption of Multi-Factor Authentication

Dear Readers,

This week’s blog is about User Adoption of Multi-Factor Authentication.

The use of multi-factor authentication is vital, as it ensures that information is only accessed by the intended person, making it harder for cybercriminals to steal. If user data is a less tempting target, cyber thieves will go after a different one. Multi-factor authentication is a blend of two different factors. One is usually the username and password, which is something the user knows.

Ambimat Electronics, with its experience of over forty years, desires to draw the attention of its readers and potential customers towards this blog post about their new product called AmbiSecure key and how it will benefit us.

Due to the pandemic, things did change significantly, especially concerning the workplace. A large number of employees stepped out from their office environments, in the hopes of returning someday. IT professionals globally struggled to make the transition to remote work as effective as possible. However, in most cases they weren’t ready to address numerous challenges ranging from authentication to remote onboarding, to secure this transition.

The biggest hurdle was apparent: how to securely authenticate users accessing numerous organization apps outside the normal office environment or perimeter?

A study conducted by 451 Research examined how the adoption rate of multi-factor authentication fared during the COVID-19 situation. It found that the pandemic and the shift to remote work environments spurred a rise in multi-factor authentication acceptance and spending. However, work is still pending to fill the gap that exists when it comes to MFA best practices.

Multi-factor authentication adoption increased due to COVID-19

With the rise of remote work, users were more vulnerable to attack: almost half of users reported that they had experienced a breach during the first phase of the pandemic. However, there is some good news for MFA supporters: most organizations shifted towards MFA methods to secure the virtual workplace.

  • MFA is considered to be a secure technology to adopt in response to COVID-19
  • 74% of respondents, that is about three out of four, plan to intensify spending on MFA. This is greater for retail (81%) and financial services (80%)
  • Most organizations are increasing their spending on MFA by almost 10%
  • About half of the organizations have limited the use of passwords or have implemented MFA as a direct response to COVID-19

So, we can conclude that organizations are becoming aware of the rise in threats and are willing to shift towards a cost-effective solution to address them. Unfortunately, there is no one plan that suits everyone when it comes to MFA; each organization will have to evaluate its security features and adopt MFA accordingly. Nonetheless, the survey does show that there is rapid growth towards the acceptance of MFA.

Organizations keen on passwordless authentication, despite the gap

The known issue with MFA remains. When asked, organizations cited human error as the biggest obstacle to adoption. User experience (43%) and complexity (41%) were seen as problems for acceptance, followed by cost (36%). Increased security (57%) was the primary reason for multi-factor authentication adoption.

Surprisingly enough, even with vulnerabilities, mobile-based MFA methods are still in demand:

  • Mobile-based OTP authenticators are still a prevalent form of MFA factor (58%). This includes a single gesture. Sadly, phishing-resilient USB security keys ranked the lowest (40%).
  • Interestingly, the majority of the respondents relied on SMS-based authentication (41%), while only 22% perceived security as a problem with SMS-based authentication.
  • 79% of IT and privileged users were likely to adopt MFA. On the other hand, organizations were less inclined to implement MFA for non-technical employees. Even with MFA, a large group of privileged users depended upon the use of passwords associated with mobile OTP authentications (53%).

Research conducted by Google proved that hardware security keys could protect against phishing attacks as compared to other MFA options. Additionally, they are 4x faster than mobile MFA approaches, offering a streamlined user experience.

Even as the survey established that MFA acceptance best practice is yet to come, organizations are already planning to push forward with passwordless authentication solutions. Around one-third, or roughly 34%, of respondents have begun to deploy passwordless technology, while 27% have kept passwordless authentication in the pilot. Even though passwordless authentication methods are not all equal, the desire to shift to them shows how much organizations want to implement solutions that deliver a seamless user experience.

The trends of digital transformation and MFA acceptance continue to rise

In 2021 the pace of MFA and spending grew due to continuing migration to the cloud, digital transformation projects, and extended WFH policies. This trend will continue to happen in the future as well. New technology always requires a learning curve, but an organization can do practical things to accelerate the pace of acceptance.

To push MFA adoption, organizations must train and educate employees, focus on a unified user experience, and set aside enough budgetary resources for mitigating ongoing threats. Threats existed before the pandemic and will remain after it as well, and the threats will be severe. The transition to remote work has opened the doors to vulnerability, and organizations cannot be in the middle of it when unexpected breaches and attacks happen.

Multi-factor authentication adoption with AmbiSecure

FIDO2 is a standard that simplifies and secures user authentication. It uses public-key cryptography to protect from phishing attacks and is the only phishing-proof factor available. Corporations around the world and across many sectors, including healthcare, can benefit from Fast Identity Online or Fast ID Online (FIDO) authentication, which their employees and users can use to minimize security risks and improve overall user experience. The AmbiSecure key and card are FIDO certified, which offers superior security by combining hardware-based authentication and public key cryptography to effectively defend against phishing attacks and eliminate account takeovers.

AmbiSecure helps organizations accelerate to a password-less future by providing FIDO2 protocol support. Not only does FIDO2 support two-factor authentication, it also paves the way for eliminating weak password authentication, with strong single-factor (passwordless) hardware-based authentication. The AmbiSecure key provides a simple and intuitive authentication experience that users find easy to use, ensuring rapid adoption and organizational security. The AmbiSecure key or card does not require a battery or network connectivity, making authentication always accessible.
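
What lets a FIDO2 key resist phishing, shown as an added example that is not code from AmbiSecure or the FIDO specifications: the browser records the origin it is really on, the key signs over it with its private key, and the server rejects any assertion whose origin, challenge or signature does not match. The security key here is a constructed stand-in built on Node.js's built-in crypto module, `login.example` and its look-alike are placeholder names, and signature-counter and attestation checks are left out.

```javascript
// Added example (not AmbiSecure or FIDO Alliance code): relying-party checks on a FIDO2 assertion.
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Constructed stand-in for a security key. It signs authenticatorData || SHA-256(clientDataJSON),
// where authenticatorData = SHA-256(rpId) | flags (0x01 = user present) | 4-byte counter.
function authenticatorSign(privateKey, rpId, clientDataJSON) {
  const authData = Buffer.concat([sha256(rpId), Buffer.from([0x01]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { authData, clientDataJSON, signature: crypto.sign('sha256', signed, privateKey) };
}

// The browser, not the user, writes the origin it is actually on into clientDataJSON.
function clientData(origin, challenge) {
  return Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
}

// Server-side checks a relying party runs before trusting the assertion.
function verifyAssertion(assertion, expected, publicKey) {
  const { authData, clientDataJSON, signature } = assertion;
  const client = JSON.parse(clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'bad-type';
  if (client.challenge !== expected.challenge) return 'bad-challenge'; // stale or replayed
  if (client.origin !== expected.origin) return 'bad-origin';          // look-alike site
  if (authData.length < 37) return 'bad-authdata';
  if (!crypto.timingSafeEqual(authData.subarray(0, 32), sha256(expected.rpId))) return 'bad-rpid';
  if ((authData[32] & 0x01) === 0) return 'user-not-present';
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, signature) ? 'ok' : 'bad-signature';
}

// Constructed ceremony data; login.example and its look-alike are placeholder names.
function demo() {
  const key = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const other = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const challenge = crypto.randomBytes(32).toString('base64url');
  const expected = { rpId: 'login.example', origin: 'https://login.example', challenge };
  const good = clientData(expected.origin, challenge);
  const check = (a) => verifyAssertion(a, expected, key.publicKey);
  return {
    genuine: check(authenticatorSign(key.privateKey, expected.rpId, good)),
    lookalike: check(authenticatorSign(key.privateKey, 'login.example.invalid',
      clientData('https://login.example.invalid', challenge))),
    replayed: check(authenticatorSign(key.privateKey, expected.rpId,
      clientData(expected.origin, 'challenge-from-an-earlier-session'))),
    wrongKey: check(authenticatorSign(other.privateKey, expected.rpId, good)),
  };
}
console.log(demo());
```

Only the genuine ceremony returns `ok`; the others are rejected at the origin, challenge and signature checks respectively.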

Reference:

https://www.yubico.com/blog/75-of-enterprise-security-managers-plan-to-increase-mfa-spending-according-to-new-study-by-yubico-and-451-research
