Security technologies continue to evolve as threats expand and some companies are turning to adaptive authentication as users report issues with two-factor authentication, according to a new study.
The study by SecureAuth found that 74% of respondents who use two-factor authentication admit that they receive complaints about the technology – and nearly 10 percent of users simply “hate it.”
These findings are in sharp contrast to a 2016 survey from SecureAuth in which 99% said two-factor authentication was the best way to protect an identity and access.
Amplitude Research conducted this year’s survey. The research group polled more than 300 IT decision makers and cybersecurity pros on industry concerns and perspectives on two-factor authentication.
“Users are responding to anything extra they have to carry,” says Craig Lund, SecureAuth’s CEO. “It’s what we call ‘no-friction’ in the log-in process. The log-in has to be very straightforward and as few extra steps as possible.”
With adaptive authentication, Lund says, instead of deploying a software or hardware token, all the security takes place in the background. Any remediation or alerts take place as-needed.
“If a user logs in from New York,” he says, “but an hour later logs in from Irvine, Calif., that sets off a red flag.”
The survey reports that while 56% of organizations still use two-factor authentication in many instances, 37% are using adaptive authentication and an additional 16 percent are preparing to implement or expand the technology in the next 12 months. When looking at large organizations of 2,500 or more employees, usage of adaptive authentication rises to 41%.
Therein lies the rub, says Jon Oltsik, a senior principal analyst at the Enterprise Strategy Group who covers IT security.
While Oltsik agrees that adaptive authentication can be beneficial, it’s expensive and often difficult to deploy.
“Adaptive authentication is an enterprise type of application,” Oltsik says. “Given that more than 40% of the sampling in this survey is of companies with fewer than 500 employees, I think a technology such as adaptive authentication would be low down on their priority list. Companies of that size won’t be leading-edge consumers.”
However, the SecureAuth survey does point out that while only 24% of small businesses were likely to deploy adaptive authentication, 73% of survey respondents from small companies say they were concerned about the potential misuse of stolen credentials and identities to access their organization’s assets and information.
“Remember that small companies often can only afford one security professional,” adds Oltsik. “So they have to decide what that person is going to spend their time on.”