Canadian Underwriter

Seven in 10 polled organizations expect to do away with passwords within five years: U.S. survey

October 14, 2016   by Canadian Underwriter


Reliance on largely ineffective traditional authentication techniques is building as efforts to do away with passwords – cited by 69% of polled respondents in the United States – are ebbing, note new survey results from SecureAuth Corporation.

Commissioned in conjunction with Wakefield Research, the survey results from SecureAuth Corporation explored industry perspectives on passwords and authentication. Involving 200-plus IT decision makers (ITDMs) south of the border, the poll was conducted using an email invitation and online survey.

Alarmingly, the survey found that organizations on average are only protecting 56% of their assets with multi-factor techniques, notes a statement Thursday from SecureAuth, a California-based provider of access control solutions.

Respondents cited company executives and disruption to users’ daily routine as their top reasons for not yet making improvements to their authentication strategy, each noted by 42% of those taking part in the poll.

The top two hindrances were followed by a lack of resources to support maintenance, cited by 40% of respondents; a steep employee learning curve, noted by 30%; and fear that the improvements would not work, reported by 26%.

“On the heels of recent mega breaches such as Yahoo!, in which usernames, passwords and security question responses were compromised, there’s a growing movement from individuals and businesses for an authentication overhaul,” Craig Lund, CEO of SecureAuth, says in the company statement.

“Single-factor, password-based authentication – and even many traditional two-factor approaches – are no longer enough in today’s increasingly digital world,” Lund argues.

Given the high costs associated with cyber attacks, “it’s in everyone’s best interest to make it more difficult for attackers to cause further damage to our economy,” he adds.

Stolen credentials are at the core of a startling number of breaches, SecureAuth reports, citing the 2016 Verizon Data Breach Investigations Report, which found that 63% of the attacks the company studied leveraged weak, default or stolen credentials at some point in the attack.


“While companies are learning that password-only policies leave their organizations vulnerable, many ITDMs and C-level executives are still hesitant to evolve and update their authentication strategies,” Lund contends.

Calling it a tough balancing act, he acknowledges that “organizations must confirm user identities with the strongest forms of access control while also balancing a positive and non-intrusive user experience.”

Other survey findings include the following:

  • 99% of respondents agree two-factor authentication is the best way to protect an identity and its access, but recent news has shown that many traditional two-factor authentication methods are being circumvented by attackers in well-crafted phishing attacks;
  • 73% of those polled cited security questions or knowledge-based authentication as the most essential measure for a company to authenticate its users securely, although attackers often compromise these security questions and answers, and responses to some security questions can be gleaned from social media sites, social engineering attacks and even educated guesses; and
  • 59% of polled ITDMs deemed device recognition as essential for their organization’s authentication strategy, 55% cited biometric as essential, 49% noted one-time pass codes, and 34% pointed to geo-fencing, geo-location or geo-velocity capabilities.

“Basic two-factor authentication alone is no longer enough – and it’s time for companies to adapt,” SecureAuth notes in the statement.

“Organizations are using outdated authentication approaches that require extra steps for users, and are ineffective against today’s advanced attacks,” argues Keith Graham, CTO of SecureAuth, maintaining that organizations need to evolve and strengthen defences against cyber adversaries.

“Those that are forward-thinking are implementing modern, behind-the-scenes adaptive risk checking that increases security while not getting in the way of the end-user experience,” Graham says.

“Strong security during authentication no longer has to be at the expense of the end-user,” he continues.



1 Comment » for Seven in 10 polled organizations expect to do away with passwords within five years: U.S. survey
  1. Harry Wainwright says:

    The poorest opening sentence, in terms of construction, that I have read in a long time.
