CONTINUE TO SITE »
or wait 15 seconds

News

Despite better alternatives, outdated authentication methods persist

October 27, 2017

Businesses continue to rely on passwords, and those that are implementing additional authentication factors often choose outdated options such as static questions and SMS one-time passwords that leave them vulnerable to a data breach.

These are the findings from the "2017 State of Authentication Report" released by Javelin Strategy & Research and sponsored by the Fido Alliance. Javelin recommends that businesses adopt high-assurance strong authentication, which employs public key cryptography as one of many factors, to bolster security.

According to the report:

  • In most cases, the only thing between the company IP and hackers is a password — More than half of all businesses use only passwords to protect company IP and financial data.
  • Companies are more likely to offer strong authentication to customers than employees — Half of businesses offer at least two factors when authenticating customers but only 35 percent use it to authenticate employees to data and systems.
  • Companies rely upon knowledge, not possession — Businesses use passwords plus static questions (31 percent) or SMS OTPs (25 percent) as additional factors for customer authentication online. In enterprise, the next most common authentication method to passwords is static questions (26 percent).
  • Integration and user experience are the priority — if a solution has a perceived negative impact on the user experience, companies will resort to the easier second factors like static security questions.

"[I]t's time to set a new yardstick with which to measure strong authentication methods, with the strongest deemed high assurance," Al Pascual, senior vice president and research director at Javelin, said in the release. "Many consumer devices are coming equipped with built-in capabilities that enable high-assurance strong authentication, reducing costs and complexity for all stakeholders. We believe that the adoption of high-assurance strong authentication will only increase in the months and years to come — and data breaches as the result of credential theft to decline."

The report is available for download at the Fido website.

Related Media

Recent Posts
SEC accuses former ATM businessman Daryl Heller of funneling $185M from investors
Fifth Third named as top veteran friendly employer
DC AG sues Bitcoin ATM operator Athena Bitcoin for allegedly exploiting scam victims
NCR Atleos earns #5 rank in fintech rankings
SEC to revamp cryptocurrency policies amid Trump's pro crypto push


©2025 Networld Media Group, LLC. All rights reserved.
b'S2-NEW'