Yubico Calls on Businesses to Move Away from Legacy Authentication Methods

Yubico, the hardware authentication security keys provider, has released a new research report that reveals the top multi-factor authentication (MFA (News - Alert)) trends among businesses in the U.S. and Canada. The report surveyed more than 500 IT leaders and explored the critical forces shaping authentication, including the impacts of government and regulatory compliance. It is the sequel to a study commissioned by Yubico in 2021, demonstrating how sentiments and behaviors have shifted when it comes to the adoption of MFA.

For those unfamiliar with Yubico, the company has been a leader in the hardware authentication security keys market for over a decade. Founded in 2007, the company has created security solutions based on an open standard and is a co-founder of the FIDO Alliance, which is dedicated to developing open, interoperable authentication standards. Yubico has developed the YubiKey, which is a security key that provides strong multi-factor authentication and eliminates the need for passwords.

Over the last two years, respondents reported a continued reliance on the least secure forms of authentication, including traditional usernames and passwords and one-time passwords (OTPs). This is surprising considering 59% of respondents reported having a security breach within the past year, up 6% from just two years ago. Additionally, the report revealed a significant increase in MFA deployment for customers, which jumped to 57% from 45% (a 12% increase).

"Not all MFA is equal, and even though businesses know legacy MFA tools are not effective to stay secure, we're seeing they're still using them as primary tools of defense," said Ronnie Manning, chief marketing officer of Yubico. "Now more than ever, education around the importance of phishing-resistant MFA is critical to officially move away from legacy MFA tools that are leaving thousands of businesses exposed to cyberattacks around the world."

The survey results showed that only 46% of respondents protect their enterprise applications with MFA. Nearly 74% have some level of concern about the security of SMS or push-based authentication. In general, the least secure methods of authentication such as passwords and SMS-based MFA are deployed most frequently. Username and password rank at the top with 91% response selection, while hardware-based USB security keys (62%), biometrics (59%), passwordless MFA (58%), and smart cards (58%) are the least deployed. Nearly three-fourths (69%) of respondents have some level of concern about the security of SMS or push-based authentication.

"These survey results show a clear disconnect between the reality we're facing of constant rising threats of sophisticated cyberattacks like phishing, and the actions that businesses are taking to stay secure," said Manning. "There remains a considerable gap between the security and useability tradeoff of MFA tools, and this is highlighted by some confusion regarding phishing-resistant MFA and how the most secure tools like security keys can actually offer the best balance of cost savings and ease-of-use."

The survey also revealed critical forces shaping authentication and a foundation for the adoption of modern MFA, including the Executive Order (EO) on Cybersecurity issued by President Biden in May of 2021 in response to the US Office of Management and Budget issued Memo M-22-09. Nearly two-thirds (64%) have heard of the White House EO and related OMB guidance regarding phishing-resistant MFA, and 91% of respondents report being familiar with FIDO standards.

It's clear that many organizations have responded to the call for more secure forms of authentication, but there is still a need to spread awareness and increase education around phishing-resistant MFA overall.

Yubico's report on MFA trends provides a timely reminder of the importance of transitioning from legacy authentication methods to more secure and phishing-resistant methods, such as hardware-based authentication.

[ Back To TMCnet.com's Homepage ]