Passwordless options, biometrics love grow, but legacy authentication lingers
Authentication plays a crucial role in an organization’s security strategy. Many companies are exploring options to ensure access is only granted to those who should have it.
A Thales multifactor authentication launch coincides with surveys from Yubico and Bitwarden conducted to better understand how users are actually being authenticated and how that translates into interest in biometrics.
Thales has launched its SafeNet eToken Fusion Series, USB tokens that combine FIDO2 and PKI/CBA authentication.
The company says the tokens protect Microsoft Azure Active Directory (Azure AD) users from account compromise and provide more robust cloud and web application-access security. They also offer phishing-resistant, passwordless authentication methods and are available in different form factors.
According to Thales, the tokens also help organizations meet compliance needs for cybersecurity standards.
The token is available now and will be demonstrated at the RSA Conference 2023 in San Francisco.
Survey reveals broad use of least-secure authentication
The survey finds that 59 percent of enterprises experienced a recent data breach, yet 91 percent still rely on user names and passwords as their primary form of authentication. It also highlights the impacts of government and regulatory compliance on authentication strategies.
“And even though businesses know legacy MFA tools are not effective to stay secure, we’re seeing they’re still using them as primary tools of defense,” says Ronnie Manning, chief marketing officer at Yubico.
The survey shows that only 46 percent of respondents use MFA to protect their enterprise applications. The least-secure methods, such as passwords and SMS-based MFA, are often deployed.
User name and password is the most popular form of authentication with 91 percent respondents. USB security keys (62 percent), biometrics (59 percent), passwordless MFA (58 percent) and smart cards (58 percent) are the least deployed. Additionally, 69 percent of respondents are concerned about the security of SMS or push-based authentication.
Bitwarden sees growing interest in passwordlessness
Bitwarden has released its third annual global password management survey, revealing that users continue to reuse passwords and ignore cybersecurity risks. Still, there is interest in biometrics.
The survey revealed that most global (56 percent) and U.S. (57 percent) respondents were excited about passwordless methods including biometrics, passkeys and security keys. Of the U.S. respondents using passwordless authentication, 40 percent prefer biometrics such as face, fingerprint and voice recognition for “something you are.” In comparison, 33 percent would consider a PIN, name or word for something you know. Globally, 50 percent of respondents use or consider using “something you are” authentication.
The survey delivered encouraging news about passwordless methods and 2FA, says Bitwarden CEO Michael Crandell.
U.S. respondents who reported not being excited about passwordless authentication cited a few qualms. The majority (55 percent) preferred to use their memories instead of finger or face ID. In comparison, 36 percent expressed concern that someone may use their biometric data maliciously.
U.S. respondents also revealed that 22 percent reuse the same password for over a decade and 26 percent were affected by a data breach in the past 18 months. Additionally, 93 percent are concerned about cybersecurity threats, while 71 percent manage passwords for 10 or more sites.
The 2023 survey also investigated password-sharing habits and the use of password managers in the workplace. Forty-seven percent of U.S. respondents reported sharing passwords for TV streaming services, compared to 31 percent, 28 percent and 31 percent, who shared passwords for social media, banking and music-streaming apps, respectively. Additionally, 31 percent of U.S. respondents said they must use a password manager at work. This number was higher than the global average of 23 percent.