More than two-thirds of IT decision makers want to do away with passwords in the next five years, according to a survey of 200 IT executives from SecureAuth Corp.

It’s no secret that stolen or compromised credentials are the cause of more than 60% of the breaches. Multi-factor authentication would staunch the bleeding but enterprises are slow to adopt, according to the survey conducted by Wakefield.

On average, organizations are protecting 56% of their assets with multi-factor techniques. When asked why they had not yet made improvements to their authentication strategy, Wakefield respondents cited resistance from company executives and disruption to users’ daily routine as the top hindrances – tied at 42%. Other reasons for not adopting an improved authentication strategy include: lack of resources to support maintenance – 40%; steep employee learning curve – 30%; fear the improvements wouldn’t work – 26%.

Some of those surveyed were still relying on older tech for security. The survey found that 99% say that text-based two-factor authentication was the best was to protect IT resources. While it’s a step in the right direction a number of attacks have emerged that circumvent this authentication mechanism.

Some 73% of those surveyed also thought that knowledge-based authentication was an essential measure for a company to authenticate its users securely. Attackers often compromise these security questions and answers, greatly increasing an individual’s exposure to cybercriminal attacks. Responses to some security questions can also be gleaned from social media sites, social engineering attacks and even a cybercriminal’s educated guess.

Organizations are starting to look at other authentication systems:

• Device recognition — 59%
• Biometric, such as fingerprint, facial, or iris scans — 55%
• One-time passcodes — 49%
• Geo-fencing, geo-location, or geo-velocity capabilities — 34%

---

Related articles:

Moving identity proofing online Giving the user control of online identity What is an identity ecosystem?