User Adoption of Multi-Factor Authentication

Dear Readers,

This week’s blog is about User Adoption of Multi-Factor Authentication.

Multi-factor authentication is vital because it helps ensure that information is accessed only by the intended person, making it harder for cybercriminals to steal. If a user's data is a less tempting target, cyber thieves will go for a different one. Multi-factor authentication is a blend of two different factors. One is usually the username and password, which is something the user knows.

Ambimat Electronics, with over forty years of experience, would like to draw the attention of its readers and potential customers to this blog post about its new product, the AmbiSecure key, and how it will benefit us.

Due to the pandemic, things changed significantly, especially with respect to the workplace. A large number of employees left their office environments in the hope of returning someday. IT professionals globally struggled to make the transition to remote work as effective as possible. However, in most cases they were not ready to address the numerous challenges of securing this transition, ranging from authentication to remote onboarding.

The biggest hurdle was apparent: how to securely authenticate users accessing numerous organizational apps from outside the normal office environment or perimeter?

A study conducted by 451 Research examined how the adoption rate of multi-factor authentication fared during the COVID-19 situation. It found that the pandemic, and the shift to remote work it caused, spurred a rise in multi-factor authentication acceptance and spending. However, work is still needed to fill the gaps that exist when it comes to MFA best practices.

Multi-factor authentication adoption increased due to COVID-19

With the rise of remote work, users were more vulnerable to attack: almost half of users reported that they had experienced a breach during the first phase of the pandemic. However, there is some good news for MFA supporters: most organizations shifted towards MFA methods to secure the virtual workplace.

  • MFA is considered to be a secure technology to adopt in response to COVID-19
  • 74% of respondents, about three out of four, plan to intensify spending on MFA. The figure is higher in retail (81%) and financial services (80%)
  • Most organizations are increasing their spending on MFA by almost 10%
  • About half of organizations have limited the use of passwords or have implemented MFA as a direct response to COVID-19

So, we can conclude that organizations are becoming aware of the rise in threats and are willing to shift towards cost-effective solutions to address them. Unfortunately, there is no one plan that suits everyone when it comes to MFA: each organization will have to evaluate its own security features and adopt MFA accordingly. Nonetheless, the survey does show rapid growth in the acceptance of MFA.

Organizations keen on passwordless authentication, despite the gap

The known issues with MFA still remain. When asked, organizations cited human error as the biggest obstacle to adoption. User experience (43%) and complexity (41%) were seen as barriers to acceptance, followed by cost (36%). Increased security (57%) was the primary reason for adopting multi-factor authentication.

Surprisingly enough, even with their vulnerabilities, mobile-based MFA methods are still in demand:

  • Mobile-based OTP authenticators are still a prevalent form of MFA factor (58%). This includes single gesture. Sadly, phishing-resilient USB security keys ranked the lowest (40%).
  • Interestingly, a majority of the respondents relied on SMS-based authentication (41%), while only 22% perceived security as a problem with SMS-based authentication.
  • 79% of IT and privileged users were likely to adopt MFA. On the other hand, organizations were less inclined to implement MFA for non-technical employees. Even with MFA, a large group of privileged users depended on passwords combined with mobile OTP authentication (53%).

Research conducted by Google proved that hardware security keys protect against phishing attacks better than other MFA options. Additionally, they are 4x faster than mobile MFA approaches, offering a streamlined user experience.

Even though the survey established that MFA acceptance best practices are yet to come, organizations are already planning to push forward with passwordless authentication solutions. Around one-third, or roughly 34%, of respondents have begun to deploy passwordless technology, while 27% have kept passwordless authentication in pilot. Although not all passwordless authentication methods are equal, the desire to shift to them shows how much organizations want to implement solutions that deliver a seamless user experience.

The trends of digital transformation and MFA acceptance continue to rise

In 2021 the pace of MFA adoption and spending grew due to continuing migration to the cloud, digital transformation projects, and extended WFH policies. This trend will continue in the future as well. New technology always requires a learning curve, but organizations can do practical things to accelerate the pace of acceptance.

To push MFA adoption, organizations must train and educate employees, focus on a unified user experience, and set aside enough budgetary resources for mitigating ongoing threats. Threats existed prior to the pandemic and will remain after it as well; in fact, the threats will be severe. The transition to remote work has opened the doors to vulnerability, and organizations cannot afford to be caught in the middle of it when unexpected breaches and attacks happen.

Multi-factor authentication adoption with AmbiSecure

FIDO2 is a standard that simplifies and secures user authentication. It uses public-key cryptography to protect against phishing attacks and is the only phishing-proof factor available. Corporations around the world and across many sectors, including healthcare, can benefit from Fast Identity Online or Fast ID Online (FIDO) authentication, which their employees and users can use to minimize security risks and improve the overall user experience. The AmbiSecure key and card are FIDO certified, offering superior security by combining hardware-based authentication and public-key cryptography to effectively defend against phishing attacks and eliminate account takeovers.

AmbiSecure helps organizations accelerate to a passwordless future by providing FIDO2 protocol support. Not only does FIDO2 support two-factor authentication, it also paves the way for eliminating weak password authentication with strong single-factor (passwordless) hardware-based authentication. AmbiSecure provides a simple and intuitive authentication experience that users find easy to use, ensuring rapid adoption and organizational security. The AmbiSecure key or card does not require a battery or network connectivity, making authentication always accessible.
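
The phishing resistance described above comes from what a FIDO2 authenticator signs: the server's challenge together with the origin the browser actually saw. The following Node.js example is an added illustration, not code from Ambimat or the FIDO Alliance. The relying-party names, the look-alike origin and the reduced message layout (no CBOR, attestation or signature-counter checks) are assumptions constructed for the example.

```javascript
const crypto = require('node:crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Constructed relying-party values (assumptions, not from the article).
const RP_ID = 'login.example.com';
const RP_ORIGIN = 'https://login.example.com';

// Authenticator + browser side: the browser, not the user, records the origin that gets signed.
function signAssertion(privateKey, challenge, origin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get',
    challenge: challenge.toString('base64url'),
    origin,
  }));
  // authenticatorData = SHA-256(rpId) || flags (0x01 = user present) || 4-byte counter
  const rpIdHash = sha256(new URL(origin).hostname);
  const authData = Buffer.concat([rpIdHash, Buffer.from([0x01]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: crypto.sign('sha256', signed, privateKey) };
}

// Relying-party side: accept only if challenge, origin, RP ID hash and signature all match.
function verifyAssertion(publicKey, expectedChallenge, { clientDataJSON, authData, signature }) {
  const clientData = JSON.parse(clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') return 'bad-type';
  if (clientData.challenge !== expectedChallenge.toString('base64url')) return 'bad-challenge';
  if (clientData.origin !== RP_ORIGIN) return 'bad-origin';
  if (!authData.subarray(0, 32).equals(sha256(RP_ID))) return 'bad-rp-id';
  if ((authData[32] & 0x01) === 0) return 'user-not-present';
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, signature) ? 'ok' : 'bad-signature';
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const challenge = crypto.randomBytes(32);
  const genuine = signAssertion(privateKey, challenge, RP_ORIGIN);
  // Pessimistic assumption: the same key signs on a look-alike origin (constructed name).
  const lookalike = signAssertion(privateKey, challenge, 'https://login.example.com.lookalike.test');
  return {
    genuine: verifyAssertion(publicKey, challenge, genuine),
    lookalike: verifyAssertion(publicKey, challenge, lookalike),
    // A captured genuine assertion presented against a fresh challenge.
    replay: verifyAssertion(publicKey, crypto.randomBytes(32), genuine),
  };
}

console.log(demo());
```

A real authenticator also scopes each credential to its RP ID, so a look-alike site would not obtain a signature from this key in the first place; the server-side checks shown here are the second line of defence.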

Reference:

https://www.yubico.com/blog/75-of-enterprise-security-managers-plan-to-increase-mfa-spending-according-to-new-study-by-yubico-and-451-research
