Adaptive Authentication Adoption Rises as 2-Factor Dissatisfaction Grows

A new survey of 300 IT decision makers and cybersecurity professionals found that nearly three in four (74 percent) who use two-factor authentication (2FA) admit they receive complaints about it from their users, and nearly 10 percent of them just “hate it.”

At the same time, adoption of adaptive authentication is growing.

The SecureAuth survey was commissioned in conjunction with Amplitude Research. It shows a noticeable turnaround from a 2016 survey, which revealed 99 percent of IT departments believed two-factor authentication was the best way to protect an identity and its access.

Larry Kraft, SecureAuth’s vice president of worldwide channels, tells Channel Partners the security landscape is changing rapidly, and traditional two-factor authentication is “simply not enough to keep pace with today’s modern threats.”

“Our survey results reveal that there is a new view of what is required to be secure from an authentication perspective,” he said. “There is a big opportunity for channel partners who can shift their focus from the old way of looking at authentication security to the new way, which harnesses adaptive authentication. This presents channel partners with an opportunity to leapfrog their competition by delivering game-changing security solutions to their customers.”{ad}

With adaptive authentication, a business can select which authentication factors are appropriate to apply based on a user’s risk profile and tendencies.

While more than half (56 percent) of organizations are using 2FA in some capacity, either across the organization or in certain areas, more than one-third (37 percent) are using adaptive authentication. Another 16 percent are preparing to implement or expand adaptive authentication in the next 12 months, the research revealed.

When examining large organizations with 2,500 or more employees, the use of adaptive authentication rises to 41 percent. Additionally, 20 percent of medium-size businesses with 250-2,499 employees are planning to implement or expand adaptive authentication in 2017.

“These findings indicate there is an upheaval for adaptive authentication solutions beyond 2FA and the traditional password,” said Craig Lund, SecureAuth’s CEO and founder. “Organizations are already implementing stronger methods of user authentication, including adaptive access control and multi-factor authentication. By layering adaptive techniques such as device recognition, geo-location, the use of threat services and even behavioral biometrics, organizations can verify the true identity of the end user while still providing positive user experience.”

IT decision makers from small organizations were significantly less likely than those from larger organizations to implement or expand adaptive authentication in the next 12 months (24 percent versus 42 percent). Despite their lack of implementation, nearly three in four (73 percent) of the respondents from small organizations said they were concerned about the potential misuse of stolen credentials and identities to access their assets and information. It is clear that smaller budgets have left small organizations vulnerable to breaches by way of stolen credentials, according to SecureAuth.

“To better assist smaller organizations with smaller budgets, channel partners must establish themselves as trusted advisers by delivering solutions for their SMB customers that are both affordable and embrace adaptive authentication,” Kraft said. “Most often these are cloud-based solutions.”