2FA, or two-factor authentication, is a simple and effective means of boosting your cyber-security. Despite this, a study performed by Duo Labs suggests that 2FA has not been adopted as much as one might expect, or as much as it should be.
Using data from Survey Sampling International, the researchers at Duo Labs created a survey to determine the adoption rate of 2FA. This survey was designed to mimic patterns throughout different regions to give an impression of how much 2FA was adopted, and was also targeted to a sample that was created to be proportional to the entire US population. The results of this survey provided some invaluable insights.
However, a few insights were more surprising than others. For example, only 28% used 2FA, and under half of all participants had ever heard of 2FA before taking the survey.
Yet of those who had heard of 2FA, 54% had adopted it voluntarily, and only 20.8% had first used it in their work environments. Considering the number of applications and services that encourage users to utilize 2FA as a security measure, these relatively high numbers make sense. What makes less sense is the fact that the researchers found that less than half of these voluntary adopters used 2FA at every opportunity.
Despite this, some of the survey’s results were a little more positive for the future of 2FA. Analysis of the current state of 2FA has shown a shift in how users authenticated their identities between 2010 and 2017, that shift indicating a reliance on more secure, safer methods. Hard tokens, or physical devices that a user carries to confirm their identity, have seen a decrease in use of about 50% in the time covered by this analysis. These tokens are relatively insecure, as they only need to be lost or stolen to potentially undermine the use of 2FA, so this decrease in their use shows an increase in security awareness and risk management.
Perhaps most importantly, this research provides real insights into the behavior of the user, and what they considered the most important reason to use certain 2FA methods.
Most users indicated that when they compared different approaches to 2FA, they held simplicity and convenience as their most important factors. This helps to explain why 84% of respondents ranked security tokens as the most trustworthy form of 2FA, when the security risks and issues are (as referenced above) well-known by users.
Still, the saddest truth revealed by this survey is that too few users utilize 2FA as they secure their devices, both personal and work related. Hopefully, the repeated security breaches and cyber attacks will help to change that, as the very real risk of data loss and how network security can prevent it is pushed further into the public consciousness.
The question now becomes, are your business’ resources protected by 2FA? If you want professional assistance in implementing it, and other critical security needs, request a consultation with Exact IT Consulting.