“Counting factors is a poor way to estimate authentication strength,” says Gartner analyst Ant Allan in a recent article by NetworkWorld’s Bob Violino, which highlights many of the reasons more businesses are turning to stronger authentication, in a way that is more convenient for users and less costly than incumbent solutions. With the increased use of employees bringing their own devices and working remotely, mobile devices are playing a huge role in authentication methods and scenarios, and consequently, cloud-based authentication services are also on the rise.
Here are four of the key trends that are shaping the demand for stronger authentication, highlighted in “Why password-only authentication is passe” at networkworld.com.
- Frequency of security breaches (i.e. Twitter, Evernote, LinkedIn) have IT departments paying closer attention to authentication.
- Ubiquity of mobile devices is not only increasing the number of online apps that users need to log in to, but also increasingly becoming the device of choice for assisting in authentication. According to Allan, in the past few years, the popularity of phone-as-a-token solutions has overtaken one-time password hardware tokens in terms of new and refreshed deployments.
- Enhanced methods of authentication have “morphed from traditional tokens to USB devices to smart cards to fingerprint readers, soft tokens and scanning devices.” Contextual authentication, based on analytics of behavior patterns and device patterns, is growing in importance and more vendors are offering it with their core user authentication products. Additionally, there is an increased interest in using biometrics for a higher level of assurance with improved user experience, including form factors like typing rhythm, voice recognition, face topography and iris structure.
- Move to cloud-delivered user authentication services is becoming more widely adopted and having the most traction among small and mid-sized businesses and industries where TCO is a more significant consideration. Gartner predicts that by 2017, more than 50% of enterprises will choose cloud-based services – up from less than 10% today.
There is a range of authentication methods available today, depending on the level of assurance and accountability you need for different scenarios. For example, combining both contextual authentication with biometric authentication could eliminate the need for a password or token altogether.
If you are looking for a way to optimize the balance between the need for stronger authentication and TCO, take a look at Symantec’s offerings – Validation and ID Protection Services (VIP) and Managed Public Key Infrastructure (PKI) – on our User Authentication website.