Yubico, a provider of hardware authentication security keys, announced the results of a new research study, Work-from-Home Policies Driving MFA Adoption, But Still Work to be Done, conducted in partnership with 451 Research. The report analyzes preferences and adoption trends with respect to multi-factor authentication (MFA) in the enterprise and ultimately reveals that while MFA adoption and
The research also highlights barriers to more widespread MFA usage such as inconvenience, complexity and cost. Furthermore, many enterprises remain unaware of the security defects found within more common mobile MFA form factors, such as SMS-based authentication, which has been widely deprecated for years.
Key findings from the survey include:
- MFA spending trends are encouraging with nearly three out of four respondents (74%) planning to increase it. It was the top security technology to be adopted due to COVID-19 and the subsequent migration to WFH (49%).
- Over half (53%) of all respondents have experienced a security incident or breach in the past year, and MFA was among the top three security technologies adopted as a response to a security breach.
- Increased security is the number one reason enterprises are adopting MFA, with 57% of respondents reporting. User experience (43%), complexity (41%), and cost (36%) are the main obstacles to MFA adoption.
- Despite the increase in security vulnerabilities for mobile and SMS-based MFA, mobile OTP authenticators (58%), mobile push-based MFA (48%), and SMS-based MFA (41%) are among the most popular MFA form factors other than passwords. This reveals that enterprises may still perceive mobile MFA as being more user-friendly and accessible than other MFA options and are prioritizing user experience over security benefits despite reporting otherwise.
- Many organizations rely heavily on SMS-based authentication, but only 22% perceive security of this form factor as an issue despite growing evidence of breaches and attacks exploiting mobile or SMS-based authentication methods.
- Enterprises stop at privileged users when it comes to usage of MFA but breaches are showing that lower-level employees can leave an organization vulnerable by being a “way in” for adversaries. The research shows that privileged users and third parties (contractors, consultants, partners) are the most likely to use MFA, while end customers are the least likely.
- FIDO2 and passwordless authentication are gaining momentum as ways to address traditional MFA pain points as more than half of the organizations surveyed (61%) have either deployed or have passwordless authentication in pilot (34% of respondents have already deployed passwordless technology, 27% in pilot).
Download the complete report here, and for a deep dive into the findings from this report, sign up for the upcoming Yubico webinar, Remote Work During COVID-19 Drives MFA Adoption, at 10 a.m (PT), May 18.