Multi-Factor Authentication Sees Huge 40% Jump in 2016

[Exterminator]

The use of multi-factor authentication (MFA) has jumped by more than 40% year-over-year in 2016.

According to a survey from SecureAuth Corp., in 2015, 66% of organizations were using MFA in some capacity. In 2016, that number has jumped to an impressive 93%.

More than half (51%) are using MFA across the organization, while 38% have implemented it in some areas. About four percent of respondents are on the bleeding edge of identity access management, having shed the use of passwords entirely in favor of adaptive authentication.

In looking ahead to 2017, more than 30% of organizations are looking to expand or implement MFA in the next 12 months.

“Using a second-factor can be a deterrent but is no longer enough against attacks, and organizations must evolve their methods to safeguard critical points of access such as Single Sign-On (SSO) portals and the VPN,” said Keith Graham, CTO of SecureAuth. “By implementing adaptive access authentication, organizations can both eliminate that threat vector and provide an outstanding user experience. The latest advances in adaptive authentication include transparent techniques, such as device recognition, geo-location, the use of threat services, and even behavioral biometrics.”

Drilling down further, large organizations, with more than 2,500 employees, are adopting MFA at a higher rate. The findings reveal that 63% are using MFA across their organization with 21% choosing adaptive authentication over traditional two-factor authentication (2FA). It also showed that medium-sized businesses, those with 250-2,499 employees, are the most interested in MFA in 2017, and 41% plan to implement or expand their MFA deployments.

In contrast, small organizations (fewer than 250 employees) are the least likely to use MFA. About a fifth (21%) are not using any form of MFA and have no plans to implement it in the next 12 months.

The study also looked at awareness and found that 82% of respondents reported a concern about the misuse of stolen valid credentials to gain access to the organization’s assets and information. Gaining access with stolen usernames and passwords is one of the most common methods that attackers use during a breach—so these fears are not in vain.

“It goes hand-in-hand that the increased implementation of multi-factor authentication and growing interest in expanding its use within organizations is driven by the top concern of misuse of stolen credentials,” said Graham. “Again and again, we see in many high-profile, and not so high-profile breaches, bad actors gaining access to organizations using valid credentials that have been compromised in some way.”

Given the broad awareness of cybersecurity issues across the populace, one would expect to see a significant budget allocation to fight cyber-criminals. In fact, 60% of organizations plan to increase cybersecurity spending in 2017—with one in five project increases of at least 20%. Yet when compared to 2015 data, 95% of respondents expected a spending increase and 44% projected 20% or more in additional funding. This decrease may reflect a slowing pace in cybersecurity funding. Perhaps more telling, when asked to list the biggest security challenge they expect to face in 2017, nearly half of respondents (49%) called out getting enough budget to everything critical in IT security as the biggest concern their organization will face in 2017.

Although Multi Factor Authentication is not nearly enough to prevent attacks it is a deterrent and one that most should embrace.
Cyber Crime fighting budgets are really not what they should be which leaves organizations,businesses and the average Joe to fend for themselves.

 

[MalwareBlockerYT]

Thanks for the post @ Exterminator!

I have been using MultiFactor Authentication on all accounts that support it for the last year or so - ever since I also started to use KeePass 2.0 & generate 75 character passwords

 

[Svoll]

My first exposure to MFA was something called Blizzard Authenticator (Hello WoW fans!) and have adopted it gradually over the years. MFA vastly improved over the last year or so, most sites you no longer have to manually enter in the keys and are given prompts to approve or deny and have gotten a lot more user friendly and less of a hindrance.

Can't wait to see what MFA has in the future for 2017 and beyond, I am certain cyber criminals are finding methods to defeat it.

 

[frogboy]

Here at MT was the very first time i used MFA. These days i sure do use it a lot more often.

 

[DJ Panda]

Might try a password manager now as well as MT's MFA email verify. Really don't have that much of a chance for such things since they involving phones which I don't own one.

 

[shmu26]

Might try a password manager now as well as MT's MFA email verify. Really don't have that much of a chance for such things since they involving phones which I don't own one.

yes, that no phone issue is a deal-breaker for me. I do have a cell phone but can't receive SMS on it. Besides that, I don't have good reception in my work room.