With the devastation of the Yahoo and Equifax breaches now very clear, businesses remain woefully behind the times when it comes to authentication technologies, suggest the key findings of Javelin Strategy & Research’s “2017 State of Authentication Report”.
Commissioned by the FIDO Alliance, the report is based on two online surveys of 200 businesses using online authentication for customers and another 200 using online authentication for employees. It found that half the businesses surveyed used at least two factors for customer authentication, but only 35 percent of the enterprise respondents used two factors for the authentication of employees. And the weakest mechanisms are still the most popular, with 31 percent of businesses using passwords and questions, and 25 percent using one-time passwords sent via SMS.
As for more advanced options, “Factors predicated on possession such as a security key or on-device biometrics remain the exception and not the norm,” according to a report summary. And this despite the growing availability of products – especially widely available consumer devices – that can offer such strong authentication methods.
While the findings will be disheartening to many, more positive trends can be seen elsewhere. FIDO’s authentication standards continue to be adopted more and more widely, and the ecosystem of FIDO certified products is growing. At the same time, fingerprint-based authentication is now widespread on mobile devices, and Samsung is now pioneering mobile iris recognition while Apple is poised to promote 3D facial recognition. Security technologies are advancing, and the enterprise sector needs to catch up.