Traditional MFAs are Ineffective in Thwarting Cyberattacks, Reveals 2023 State of Authentication Report

SecureAuth, a leader in access management and authentication, today unveiled its inaugural State of Authentication Report, conducted by ViB Research. The report provides deep insights into the state of authentication and the latest innovation adoption trends including invisible multi-factor authentication (MFA), device trust, and passwordless technologies based on a survey of IT and security professionals from mid to large enterprises in North America.

As user credentials continue to be a top vector for cyberattacks, organizations are under tremendous pressure to rethink the effectiveness of current authentication initiatives. Additionally, cyber insurance carriers are requiring companies to demonstrate strong controls over authentication before they will provide any cyber insurance coverage or pay higher premiums. Although respondents agree that traditional MFA is better than nothing, they are most concerned with its susceptibility to cyberattacks (54%) and the friction it creates for users (30%).

The report illustrates that IT and security professionals are worried about the security risks of traditional MFA, with 55% reporting that relying on one-time passwords (OTP) using texts and phone calls leaves them open to cyberattacks. Only an alarming 5% of respondents are very confident that traditional MFA can combat credential related cyberattacks while 40% are somewhat confident. An additional 21% feel traditional MFA cannot be used as an effective hacker deterrent because user adoption rates are too low. And over half of those surveyed are either not sure or concerned that their organization will lose cyber insurance coverage if they continue with traditional MFA.

On the question about moving to a passwordless environment, a whopping 65% are planning on implementing passwordless technologies in the next 24 months. Nearly a third are planning to do so in the next six months, and another third are looking at the 12-24 month horizon.

"In FIDO Alliance's 2022 Online Authentication Barometer report, we found that password usage was down, however 70% of people still had to recover a password at least once in a given month," stated Andrew Shikiar, Executive Director and CMO of FIDO Alliance. "Although companies are offering more ways to authenticate such as legacy MFA solutions, these technologies are still easily exploitable with ?MFA bombing,' ?man-in-the-middle,' and other attacks. SecureAuth's State of Authentication Report further validates that it is time for organizations to move beyond legacy forms of MFAs and onto passwordless technologies."

Other Key Research Findings:

Authentication security is a top priority

• 84% of respondents consider authentication and access management as a top 5 security priority.
• Bottom line: These results demonstrate the importance of authentication and access management for IT and security teams in an extremely crowded market and threat landscape.

Multiple Identity Providers (IdPs) are common

• 76% of respondents use multiple IdPs, a surprising trend in contrast to the usual consolidation of cybersecurity tools.
• The respondents highlighted high-availability / failover, unique use case requirements, and preferred best of breed approach reasons.
• Bottom line: As over 80% of cyberattacks focus on credentials, practitioners need to have a back-up system in case their primary IdP product goes down or is compromised by an attack.

Device Trust is woefully underused

• Device trust isn't used at all according to 25% of the respondents.
• And under 50% of respondents use it for mobile security while only 25% use it for safeguarding Mac workstations.
• Bottom line: Organizations are missing a simple, but effective way to improve their security posture by not using device trust as the start of every user's digital journey.

"Many organizations are making steady progress in protecting customer and employee accounts and credentials from malicious activity," stated Paul Trulove, CEO of SecureAuth. "However, based on this survey, it's clear that traditional authentication approaches, which are dependent on legacy MFA, have not kept up with adversarial advancements, and more needs to be done to ensure credentials are safe from cyberattacks. It's reassuring to see that an overwhelming number of organizations are planning to implement passwordless authentication technology within the next two years. But passwordless is not enough. Organizations need to move towards continuous authentication that manages a user's entire digital journey from pre-authentication to post-authorization to be truly secure and provide users with a frictionless experience."

To download the full report, visit: State of Authentication Report.

Survey Methodology

The State of Authentication Report is a vendor-neutral research study that was independently conducted by ViB (Virtual Intelligence Briefing) Research. The report is based on a survey of 285 IT and security professionals from mid to large enterprises in North America. Participants include an even distribution of respondents across company size, titles, and industries.

About SecureAuth Corporation

SecureAuth is a next-gen access management and authentication company that enables secure and passwordless continuous authentication experience for employees, partners and customers. With the only solution that can be deployed in cloud, hybrid and on-premises environments, SecureAuth manages and protects access to applications, systems and data at scale, anywhere in the world. To find out more, please visit www.secureauth.com.

Follow SecureAuth via:
LinkedIn: https://www.linkedin.com/company/secureauth-corporation
Twitter: https://twitter.com/SecureAuth
Blog: https://www.secureauth.com/blog/