Like an eager sprout, strong authentication continues to grow, according to the new “2017 State of Authentication Report,” sponsored by FIDO and produced by Javelin Strategy & Research. But the evolving method of securing consumers and businesses online still labors in the shadow of passwords, so “ubiquitous” that current applications of multifactor authentication are “being undermined.”

50 percent of businesses offer two-factor authentication for their customers but only 35 percent use two or more factors to secure access to their own data and systems.

The State of Authentication Report, which runs for 32 pages, also found that strong authentication—which ideally includes two or more factors with at least one leveraging public key infrastructure through a protocol such as FIDO to prevent replay attacks—is “broadly available” for consumers, though adoption lags with enterprises. The report said that 50 percent of businesses offer two-factor authentication for their customers but only “35 percent of businesses use two or more factors to secure access to their data and systems.”

The report on strong authentication comes as the stakes increase for security. “We are at a point where billions of stolen credentials barely make headlines anymore,” said Brett McDowell, executive director of the FIDO Alliance, during a recent webinar that promoted the Authentication Report. “That’s how bad it has become.”

That’s not to say everything is dim for strong authentication. As more consumers rely on mobile devices for shopping, work and proving their identities, that trend stands as a “clear driver of traditional strong authentication,” the report said. Mobile devices, after all, enable possession-based authentication—think SMS one-time passwords, for instance—and inherence-based authentication—that might include fingerprint scanning and voice recognition.

Authentication report details steps organizations should take

2017 State of Authentication Report

For organizations seeking to bolster their strong authentication capabilities, the report recommends:

• Having at least one authentication method that leverages PKI.
• Informing customers that you are taking steps to better secure data, which not only helps with public relations and marketing, but also can make criminals think twice about targeting your business.
• In the aftermath of a breach, “supplementing and possibly replacing knowledge factor solutions,” the report said. “In the event of a breach, businesses would do well to layer additional, high-assurance authentication solutions simultaneously with their remediation plan.”
• Make high-assurance strong authentication a differentiator when emphasizing the value proposition with prospective clients.

---

Related articles:

Exterminating the password Anatomy of a password hack Cybersecurity: Taller walls, deeper moats but the front gate is unguarded