As data breaches and increasingly sophisticated phishing attacks continue to drive online account compromise and financial loss, organisations are finally stepping up strong authentication and investing in stronger, phishing-resistant forms of authentication.
The report, The State of Strong Authentication 2019, analyses the state of customer and enterprise (employee) authentication and draws conclusions on the role strong authentication is playing in protecting accounts and securing access to valuable data and critical systems.
“The increase in strong authentication adoption makes sense given that while data breaches, phishing threats and regulatory pressures have risen, the financial and user experience costs associated with implementing strong authentication have decreased,” said Al Pascual, senior vice president and research director, Javelin Strategy & Research.
“What’s less encouraging is that we are finding that the holdouts believe passwords alone are sufficient security. These companies need to realise that even data they may think is low-risk can provide significant value to fraudsters and expose them to regulatory scrutiny. As such, they need to make plans to move to strong authentication now or they will find themselves an attractive target for cybercriminals.”
In the report, Javelin’s key findings and recommendations show:
- Strong authentication implementations have grown dramatically since 2017. The number of organisations using cryptographically-backed strong authentication, where one of multiple authentication factors uses public key cryptography, has tripled since 2017 for consumer authentication and increased by nearly 50% for enterprise authentication in the same period. This form of authentication is not susceptible to phishing, man-in-the-middle and/or other attacks targeting credentials – which are known vulnerabilities with passwords and one-time passwords (OTPs).
- Regulation is accelerating strong authentication adoption. Nearly 70% of businesses agree they face strong regulatory pressure to provide strong authentication for their customers. This is attributed to the introduction of PSD2, along with data protection regulations in the EU and US states such as California.
- Strong authentication holdouts are underestimating risks to their businesses and customers. Two-thirds of businesses that use only passwords to authenticate their employees do so because they believe passwords are “good enough” for the type of information they are protecting, despite cybercriminals’ continuing to target a wide variety of consumer and business information.
- Not all strong authentication is created equal. According to Javelin, adopting strong authentication solutions that are based on standards and employ cryptographic security can help organisations lower the cost of keeping up with regulation, customer expectations and increasingly sophisticated fraud schemes.
- It’s time to sunset OTPs. With cyber criminals using social engineering, phone porting and malware to compromise OTP authenticators, Javelin recommends moving away from them and adopting cryptographically-backed strong authentication.
The report includes case studies from Google, Tradelink and Visa, all of which are leveraging authentication to provide stronger protection for customer and employee accounts.
The post What is the state of strong authentication in 2019 appeared first on Payments Cards & Mobile.