Using physical tokens as a way to enable two-factor authentication may lead to lost time and money for many companies, finds a recent study.

The study, conducted by tokenless two-factor authentication firm SecureEnvoy, polled 300 IT security professionals in London. Twelve percent of respondents waste “months” every year recovering and replacing lost tokens. An additional 10% said lost tokens also eat up weeks of management time.

The study also found that employees easily lose tokens, with seven percent of respondents having a 51% to 75% rate of lost tokens in their firms. Another 14% lost between 26% and 50% of issued tokens. At the far end of the spectrum, three percent of respondents said they lost between 76% and 100% of the tokens within their organization.

An additional section of the study looked at the use of passwords in a corporate setting. More than half of respondents reported requiring passwords as part of the log on procedure; however, 78% felt that using a secret question didn’t provide adequate security, yet 21% rely on this method in conjunction with password resets.

---

Related articles:

NCSA, PayPal publish new online safety study Exterminating the password Anatomy of a password hack