SecureAuth Survey: 69% of Organizations Will Do Away with Passwords within 5 Years

IRVINE, Calif. – Oct. 13, 2016 – SecureAuth Corporation, the leader in adaptive access control, today announced the release of survey results revealing industry perspectives on passwords and authentication. Commissioned in conjunction with Wakefield, the survey polled more than 200 IT decision makers (ITDMs) in the U.S. Among the findings, the survey revealed that 69 percent of organizations are likely to do away with passwords within the next 5 years.

“On the heels of recent mega breaches such as Yahoo!, in which usernames, passwords and security question responses were compromised, there’s a growing movement from individuals and businesses for an authentication overhaul,” said Craig Lund, CEO of SecureAuth. “Single-factor, password-based authentication – and even many traditional two-factor approaches – are no longer enough in today’s increasingly digital world. And with costs associated with cyberattacks totaling millions of dollars a year, it’s in everyone’s best interest to make it more difficult for attackers to cause further damage to our economy.”

Credential Crisis
Stolen credentials are at the core of a startling number of breaches. According to the 2016 Verizon Data Breach Investigations Report, 63 percent of the attacks it studied leveraged weak, default or stolen credentials at some point in the attack, indicating that organizations must implement stronger forms of authentication to hinder the rising tide of credential abuse.
 
Alarmingly, the Wakefield survey found that organizations on average are only protecting 56 percent of their assets with multi-factor techniques. When asked why they had not yet made improvements to their authentication strategy, Wakefield respondents cited resistance from company executives and disruption to users’ daily routine as the top hindrances – tied at 42 percent. Other reasons for not adopting an improved authentication strategy include:

 • Lack of resources to support maintenance – 40 percent
 • Steep employee learning curve – 30 percent
 • Fear the improvements wouldn’t work – 26 percent

 

“While companies are learning that password-only policies leave their organizations vulnerable, many ITDMs and C-level executives are still hesitant to evolve and update their authentication strategies,” said Lund. “It’s a tough balancing act – organizations must confirm user identities with the strongest forms of access control while also balancing a positive and non-intrusive user experience. Fortunately, user-friendly adaptive access technologies such as device recognition, threat services, and geo-location look-up, when used in layers, help strengthen any organization’s security posture, enabling users to stay both secure and productive with minimal disruption to their daily routines.”

Authentication Fact & Fiction
Shockingly, the survey revealed that nearly all respondents (99 percent) agree that two-factor authentication is the best way to protect an identity and its access. However, recent news has shown that many traditional two-factor authentication methods, such as SMS-based one-time passwords, are being circumvented by attackers in well-crafted phishing attacks. Illustrating this inherent risk, the National Institute of Standards and Technology (NIST) recently announced a proposal to no longer recommend two-factor authentication using SMS-delivered one-time passcodes as an out-of-band authentication method. Indeed, basic two-factor authentication alone is no longer enough – and it’s time for companies to adapt.

Furthermore, the majority (73 percent) of Wakefield respondents cited security questions or knowledge-based authentication (KBA) as the most essential measure for a company to authenticate its users securely. However, attackers often compromise these security questions and answers, greatly increasing an individual’s exposure to cybercriminal attacks. Responses to some security questions can also be gleaned from social media sites, social engineering attacks and even a cybercriminal’s educated guess.

Encouragingly, other measures deemed essential by ITDMs for their organization’s authentication strategy include: device recognition (59 percent); a biometric, such as fingerprint, facial, or iris scans (55 percent); one-time passcodes (49 percent); and geo-fencing, geo-location, or geo-velocity capabilities (34 percent).

“Organizations are using outdated authentication approaches that require extra steps for users, and are ineffective against today’s advanced attacks,” said Keith Graham, CTO of SecureAuth. “Legacy two-factor approaches to authentication are no longer enough, and organizations must evolve and strengthen their defenses against cyber adversaries. Those that are forward thinking are implementing modern, behind-the-scenes adaptive risk checking that increases security while not getting in the way of the end user experience. Strong security during authentication no longer has to be at the expense of the end user – users and organizations can now have both.”

Methodological Notes:
The SecureAuth Survey was conducted by Wakefield Research among 200 U.S. IT decision makers, between September 16th and September 22nd, 2016, using an email invitation and an online survey.
 
About SecureAuth  
SecureAuth is the leader in adaptive access control solutions, empowering organizations to determine identities with confidence. SecureAuth provides strong identity security while minimizing disruptions to the end-user. SecureAuth has been providing Single-Sign On and Multi-Factor Authentication solutions for over a decade. For the latest insights on adaptive access control, follow the SecureAuth blog, follow @SecureAuth on Twitter and on LinkedIn, or visit www.secureauth.com.
   
SecureAuth® IdP is a registered trademark of SecureAuth Corporation in the United States and/or other countries.
