LONDON, UNITED KINGDOM--(Marketwired - February 01, 2017) - SecureAuth Corporation, the leader in adaptive access control, today reveals that many organisations are waking up to the data breaches of 2016 and are adopting a fundamentally new approach to authentication. With a stark 83% (4 in 5) of IT decision makers (ITDMs) predicting their organisations will be passwordless in five years' time, it is evident organisations are moving beyond passwords, and even simple two-factor authentication (2FA) to stronger methods to prevent the misuse of stolen credentials.
A deeper dive into the data finds that in five years' time:
-
Southern organisations are more likely to move beyond passwords compared to their Northern counterparts (86% vs. 60%)
-
Only two in ten (17%) still intend to deploy passwords as the sole means of authentication
-
Nearly half (49%) of millennial ITDMs think their organisation will do away with passwords, compared to only a third (32%) of 35-54 year olds
-
Our US counterparts are further behind the curve, with only 69% of ITDMs saying they would phase out passwords in this time frame
When asked which identity and access methods they predict to have implemented in five years' time nearly half of respondents said physical biometrics (49%), followed by device recognition techniques (30%), 2FA (30%) and geographic capabilities (29%).
The Rise and Fall of Two-Factor Authentication
Following a similar survey last year, the implementation of 2FA has grown by 40% from 2015 to 2016 (2% vs. 42%), but will fall to 30% in 2021. With the General Data Protection Regulations (GDPR) coming into place in 2018, which says all organisations must have at least 2FA in place or face potential fines of up to EUR20 million or 4% of global annual turnover, participants are divided on its protective capabilities. While 47% think it's the best way to defend an identity, more than half of IT professionals (52%) disagree.
"It's not surprising to see a divided opinion of 2FA, ITDMs face an ongoing battle as they feel they are forced to choose between increased security and good user experience. This is a paradigm for the old, broken approach that lets attackers through the front door," said Keith Graham, SecureAuth chief technology officer. "It is possible to both strengthen security and not interfere with users' experience with adaptive authentication techniques. This fundamentally new approach integrates with existing infrastructures to perform risk-analysis that simultaneously strengthens prevention, detects risks and works invisibly to the user."