PaymentsJournal
SUBSCRIBE
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
No Result
View All Result

Multi-factor Authentication is Picking Up Speed!

Tim Sloane by Tim Sloane
March 18, 2016
in Analysts Coverage
0

Black perforated sheets

0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

This article in Information Age asks the question “Is multi-factor authentication finally picking up speed?,” but the answer within the financial sector is of course a definitive yes!

First the article describes what multi-factor authentication is:

“As the number of mobile devices and wearables in the workplace grows, and the adoption of enterprise cloud and mobile applications continues to increase, the reliance on passwords, and the associated risks, increases accordingly.

Multi-factor authentication (MFA) has long been talked about in the security industry, with many disregarding its value. But as IT teams tackle the rising tide of hacks and breaches, which are putting reputations, careers and customer loyalty on the line, organisations, including the likes of Amazon, are quietly embracing MFA as a means to secure their networks.

Why the slow burn?

MFA has tended to be reserved either for only the most sensitive or vulnerable accounts, or implemented in standalone silos for specific apps or services due to lack of platform coverage.

For example, MFA might be used to access SaaS applications but not for accessing VPNs, on-premise apps or logging onto a mission-critical server.

Furthermore, MFA has historically been either ‘on’ or ‘off’, which resulted in constant prompting for MFA at every login. Couple that with the cumbersome nature of physical tokens, and you had a recipe for annoyance and revolt for average users who were simply trying to get work done.

As such, the results of using MFA have been a mixed bag so far. Unless there is the same level of security consistency across the organisation, some parts of the network will remain more vulnerable than others.

Despite the constraints, MFA holds great potential. According to research firm MarketsandMarkets, the global MFA market is predicted to be worth 9.6 billion dollars by 2020.

MFA can take different guises. It involves combining additional ‘factors’ – such as something an individual has (like an ATM card or smart card) or something a user is (such as a biometric characteristic like a fingerprint or retina scan) – alongside something the user knows, like a password.

An account or device cannot be accessed by one factor without the other.

At the most simplistic level, consumers have been using MFA to access their bank accounts using an ATM machine for years. They gain access via the card (something they have) and the PIN to their account (something they know).

The financial services sector continues to lead the way in MFA applications with the recent announcement that MasterCard customers will be able to replace passwords with ‘selfies’ and fingerprints when shopping online.”

The article next discusses the use of multi-factor authentication by businesses for employees and the problem of employees circumventing the solution when it is too cumbersome

“Now, the time has finally come for MFA to step up to the mark and bring the same levels of security to the workplace.

The increased use of mobile devices is helping the adoption of MFA as most people keep their phones close to hand. For example, additional forms of authentication – such as responding to a push notification or SMS to a phone, having to enter a secure One Time Password (OTP), clicking on a link from an email, touching a fingerprint sensor on a smartphone, or responding to a voicemail – can verify a person’s identity.

However, as with all security solutions, they are only as good as the people using them.

A recent Centrify survey found that 69% of wearable device owners say they forego login credentials, such as PINs, passwords, fingerprint scanners and voice recognition, to access their devices.

Presumably this is because they don’t want the perceived additional hassle of having to go through additional steps in order to access the device.

This is concerning given that 56% of wearable owners use their devices to access business apps such as Box, Slack, Trello, Dropbox, Salesforce, Google Docs, Microsoft Office, or a combination of those.

Put simply, users don’t want additional hoops to jump through when they are trying to get on with their job. Yet, as attackers get more aggressive and sophisticated, organisations need to get serious about layering on additional factors of authentication across the enterprise, whether it’s for employees, contractors, outsourced IT, partners or customers.

>See also: The three elements to getting customer authentication right

There is a fine line between having an additional layer of security in place and user tolerance. If the system is distracting or frustrating then people may be put off using the technology in the first place, leaving a potential security weak-point in the network.
MFA has now sufficiently evolved to provide the additional layer of security needed with minimum impact on the users.

For example, parameters can be defined so that MFA only activates if there is a usual pattern of behaviour, such as accessing the network at an unusual time or a device being used from a different physical location to normal.

Of course, unscrupulous operators will continue to attempt to counter any new security measure, but MFA is finally giving organisations the additional layer of security that will make a breach harder to achieve.”

Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group

Tags: Fraud Risk and Analytics
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Analyst Coverage, Payments Data, and News Delivered Daily

    Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    instant payments, real-time payments, RTP

    Banks Developing Instant Payments Products in the U.S. Should Focus on Billers to Generate New Revenue Streams  

    May 31, 2023
    Digital Wallet Use Delivers on Convenience and Security

    Digital Wallet Use Delivers on Convenience and Security

    May 30, 2023
    5 Ways to Protect Your Financial Institution from a Cyberattack

    5 Ways to Protect Your Financial Institution from a Cyberattack

    May 26, 2023
    traditional banks

    How Traditional Banks Can Modernize Without Risk

    May 25, 2023
    identity fraud

    Javelin’s Identity Fraud Study Highlights the Changing Nature of Fraud

    May 24, 2023
    SASE, security-as-a-service

    Security-as-a-Service Secures
    Distributed IT Models

    May 23, 2023
    mule. real-time

    Early Detection of Mule Activity Requires Real-Time Solutions

    May 22, 2023
    embedded finance, ecommerce

    How Retailers Can Enter the World of Embedded Finance Confidently 

    May 19, 2023

    Linkedin-in Twitter

    Advertise With Us | About Us | Terms of Use | Privacy Policy | Subscribe
    ©2023 PaymentsJournal.com

    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    Menu
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    • Industry Opinions
    • Recent News
    • Resources
    Menu
    • Industry Opinions
    • Recent News
    • Resources
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Industry Opinions
    • Faster Payments
    • News
    • Jobs
    • Events
    No Result
    View All Result

      Register to download this complimentary report from Brightwell: