Adaptive Authentication on the Rise as 2FA Fervor Wanes

Exterminator

Community Manager
Thread author
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
Security adoption is inherently tied to usability. And unfortunately, three-quarters of respondents in a recent SecureAuth survey who use two-factor authentication (2FA) admit that they receive complaints about it from their users—and nearly 10% of them just “hate it.”

That 74% dissatisfaction rate is a noticeable turnaround from the 2016 SecureAuth survey, which revealed 99% of IT departments believed two-factor authentication was the best way to protect an identity and its access.

“It’s not surprising that organizations are receiving an increasing amount of complaints about 2FA,” said Craig Lund, CEO and founder of SecureAuth. “IT professionals face an ongoing battle as they are frequently forced to choose between user experience and increased security. This should be a false paradigm in 2017. Adaptive authentication solutions provide world-class security without impacting usability. That’s because risk checks are done without users even being aware of it—and two-factor authentication is applied only if risks are detected.”

Adaptive authentication is a method for selecting the right two-factor or multi-factor authentication factors depending on a user’s risk profile and tendencies—in other words, for adapting the type of authentication to the situation. To implement this, the system admin can set static policies defining risk levels for different factors, such as user role, resource importance, location, time of day, or day of week; and/or, the system can learn the typical activities of users based on their tendencies over time. This learned form of adaptive authentication is similar to behavioral correlation.

The survey reveals that while 56% of organizations are using 2FA in many instances, 37% of IT decision-makers are moving towards adaptive authentication. In addition, a further 16% are preparing to implement or expand adaptive authentication in the next 12 months.

Further, when examining large organizations (2,500 or more employees), the usage of adaptive rises to 41%. Additionally, 20% of medium-sized businesses, those with 250-2,499 employees) are planning to implement or expand adaptive authentication in 2017.

On the flip side, IT decision makers from small organizations were significantly less likely than those from larger organizations to implement or expand adaptive authentication in the next 12 months (24% and 42%, respectively). Despite their lack of implementation, 73% of the respondents from small organizations said they were concerned about the potential misuse of stolen credentials and identities to access their organization’s assets and information. A key component for this contrast may be found in cybersecurity spending; for example SecureAuth’s December 2016 survey revealed a slowing in budget increases between 2015 and 2016. It is clear that smaller budgets have left small organizations vulnerable to breaches by way of stolen credentials.

“These findings indicate there is an upheaval for adaptive authentication solutions beyond 2FA and the traditional password,” says Lund. “Organizations are already implementing stronger methods of user authentication, including adaptive access control and multi-factor authentication. By layering adaptive techniques such as device recognition, geo-location, the use of threat services, and even behavioral biometrics, organizations can verify the true identity of the end user while still providing positive user experience.”
 

Svoll

Level 13
Verified
Top Poster
Well-known
Nov 17, 2016
627
I agree that its troublesome and I do use it. One of the best implementation of 2FA I have seen is a popup on your device to allow or disallow. That requires almost no effort and I love that function for every site I use. For now its only Blizzard and Microsoft that I have encountered with such ease of 2FA.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top