Two-Factor Authentication To Become Widely Adopted In 2008

OVERLAND PARK, Kansas – A new survey conducted last month by Positive Network, makers of security products and services, concludes two-factor authentication will become more widely adopted in 2008 because of respondents’ concerns over personal and corporate data breaches.

The survey, entitled “IT Security & Authentication: Key Concerns in 2008,” interviewed over 300 IT professionals from across the United States on issues relating to security, authentication and other concerns which network security professionals should be prepared to face this year.

About 20 per cent of respondents admitted to a breach that included some loss of sensitive data or allowed access to restricted resources. 58 per cent of respondents rated their company s current authentication systems as only somewhat secure or worse. 78 percent of respondents did not believe usernames and passwords provided an adequate level of security.

Positive Networks indicated that cost (33 percent), time to deploy and manage (29 percent) and user inconvenience (23 percent) as reasons why companies haven’t adopted two-factor authentication as of yet.

The survey indicated that traditional two-factor solutions average $30-$50 per user per year and most require complex and costly implementations. Ongoing support and maintenance costs can be high, including an average of three per cent replacement rate for lost or broken devices. Users have not responded well to carrying additional devices such as tokens.

But to help improve two-factor solutions, the Positive Networks survey noted that respondents support the idea that a phone (mobile or landline) could be used as the second factor in two-factor authentication to increase user adoption rates. They suggested that mobile phone use among professionals was nearly ubiquitous, and 72 percent mentioned that their company provided mobile phones for some portion of their employees to use.

“It is no longer acceptable for companies to rely on usernames and password to protect sensitive data,” said Evan Conway, executive vice-president and chief privacy advocate with Positive Networks. “PhoneFactor has made secure two-factor authentication inexpensive and simple for both administrators and end-users.”

PhoneFactor is Positive Network’s two-factor authentication that uses an ordinary telephone as the second authentication factor.

Other findings of the report included that respondents indicated security was a top concern for them in 2008. Over half of survey respondents reported their company was extremely focused on providing more security around sensitive data with an additional 41 per cent indicating a moderate level of concern and a focus on additional research. Only five per cent indicated that IT security was not a priority for 2008.

Additionally, one in five respondents (virtually all IT professionals) has experienced identity theft personally. Most take some precautions 96 percent use strong passwords, 37 percent change their passwords at least once a month, and 57 per cent do not use the same password for multiple logins.

Positive Networks said that the innovations of new technologies for two-factor authentication will make user adoption easier to manage and less expensive for companies to implement.

This column was written by Vanessa Ho of ConnecIT