Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Multi-Factor IT Authentication Hampers Progress, Say 47% US Companies
Newest First  |  Oldest First  |  Threaded View
MarkSitkowski
MarkSitkowski,
User Rank: Moderator
9/28/2017 | 7:32:01 PM
Re: 47% of companies are just hampered
If multi-factor authentication gets in the way, or takes too long, then you're doing it wrong. Our authentication system uses 3-Factor authentication, where the second and third factors are totally user-transparent, which only leaves the user the task of entering a password - obfuscated, of course...
FranoisA022
FranoisA022,
User Rank: Apprentice
9/12/2016 | 9:50:23 AM
Re: 47% of companies are just hampered
Hi Brian, 
I agree that multi-factor authentication is a safe option to protect data, and the more layers of security you have, the safer your data is.
However, the aim of this report is to reflect the reality of today's digital workforce. Users are demanding fast access to be effective, and in some industries — for example healthcare — fast access can literally be the difference between life and death.

The report also emphasises the frustrations that IT managers are facing with multi-factor authentication with regard to disruption on existing infrastructure.

IS Decisions's argument, therefore, is that if an alternative to multi-factor authentication exists that doesn't impede end users or frustrate IT managers but ticks all the security boxes, then that alternative is worth investigating. Without these alternatives, it avoids the very real case of organizations failing with MFA and leaving the network protected by ONLY native Windows passwords.

Without these alternatives, it avoids the very real case of organizations failing with MFA and leaving the network protected by ONLY native Windows passwords.
jcavery
jcavery,
User Rank: Moderator
9/11/2016 | 11:13:08 AM
Re: 47% of companies are just hampered
good points Brian, and if 22 minutes bothers them, imagine how ticked off they will be when they need to reimage or sanitize their entire network. two factor might not be convenient, but it's a good defense for now, and it will improve as time goes on. I don't like using it either, but it works
BrianB28401
BrianB28401,
User Rank: Apprentice
9/9/2016 | 11:06:11 AM
47% of companies are just hampered
The fact that this survey suggests that multi-factor authentication is a productivity issue and is not the way to go at this time is a bit disturbing.  They point out that the NIST states that SMS messages for multi factor authentication is insecure is true, however the NIST also insists that multifactor is the best way to go currently.  The insecurity is the SMS portion and not the multifactor part.  Don't use SMS. They suggest biometrics or tokens.  The productivity issue with multi-factor authentication is just entities fighting change because as we all know change is scary.  Using the 22 minutes per week wasted point that they brought up and using the same logic will dictate that the coffee or break room is removed.  I would think that at least 22 minutes per week is lost due to coffee refills or bathroom breaks.  I will borrow a line idea from the movie "Office Space".  They are using their "Jump to Conclusions Mat" with this one.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Black Hat USA 2022 Attendee Report
Black Hat attendees are not sleeping well. Between concerns about attacks against cloud services, ransomware, and the growing risks to the global supply chain, these security pros have a lot to be worried about. Read our 2022 report to hear what they're concerned about now.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-35942
PUBLISHED: 2022-08-12
Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. When the extended filter property `contains` is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data ...
CVE-2022-35949
PUBLISHED: 2022-08-12
undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. If a user specifies a URL such as `http://127.0.0.1` or `//127.0.0.1` ```js con...
CVE-2022-35953
PUBLISHED: 2022-08-12
BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was patche...
CVE-2022-35956
PUBLISHED: 2022-08-12
This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records on a single database hit, using a case sql statement for it. Before version 0.1.3 `update_by_case` gem used custom sql strings, and it was not sanitized, making it vulnerable to sql injection. Upgra...
CVE-2022-35943
PUBLISHED: 2022-08-12
Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/libraries/security.html) mechanism with CodeIgniter ...