Infosec pros are moving beyond traditional passwords

Businesses nationwide are increasing their cybersecurity budgets and exploring alternative authentication techniques to passwords, according to a SecureAuth and Wakefield survey of more than 300 IT security professionals in the U.S.

Investments are increasing, but challenges remain

59% of professionals said their company experienced a data breach in the last 12 months. It may not come as a surprise, then, to find that 95% of respondents think their companies will increase security spending in the next year. Of that number, 44% expect to do so by 20% or more.

Will heftier budgets be put towards preventative measures or post-breach clean up? The survey results point to the former: 62% of respondents believe managing the consequences of data breaches cost their companies more than protecting against them. But, IT professionals face an ongoing battle, owning to market pressures that tend to get in the way of prioritizing proactive cybersecurity. In fact, 87% of cybersecurity professionals admit their company is frequently forced to choose between user experience and greater security.

Technology is playing catch-up

Increased spending may in part be due to the evaluation and exploration of new secure techniques and technologies. For example, in the past passwords have been the preferred method of use for secure access management. They both enforce a baseline level of security and are generally budget friendly.

Amidst the growing rate of cyberattacks, however, the attitudes towards passwords have changed drastically. In no small part due to high profile security compromises like the Ashley Madison attack, companies have learned that password-only policies can leave personal information quite vulnerable. This assessment is backed up by the survey results, with approximately 66% of respondents leveraging authentication methods beyond passwords.

Perhaps owning to both security holes and their cumbersome nature, 91% of cybersecurity professionals agree that the traditional password will not exist in ten years. On top of that, password recall can waste company resources. The survey results noted 85% of cybersecurity professionals believe employees frequently contact the help desk because they’ve forgotten passwords – with more than 1 in 3 (37%) saying their employees do this all the time.

Identifying the right solutions

While the number above might point towards a wide scale movement away from passwords, it’s not all smooth sailing: 81% of cybersecurity professionals think new authentication methods are prohibitive because they require the latest technology and most up-to-date software. Yet interestingly, 97% of respondents also believe new authentication techniques are reliable (such as fingerprint scans or two-factor authentication).

In juxtaposing these findings, it becomes clear there is still room for growth. Vendors must continue to improve on existing multi-factor authentication technology – with an eye towards offering a seamless user experience – and customers must do their due diligence in identifying the most appropriate solutions for them.

“This survey very clearly indicates there is an appetite for multi-factor authentication solutions beyond the traditional password,” said Craig Lund, CEO of SecureAuth. “Advances in Adaptive Authentication have brought to market a number of options that help users stay both secure and productive by layering multiple methods, such as device recognition, analysis of the physical location of the user, or even by using behavioral biometrics to continually verify the true identity of the end user. Integrating these types of solutions may take a little time, and a redirection of budget – but I’m hard-pressed to think of a worthwhile cybersecurity endeavor that doesn’t. In this day and age, proactivity is much more important than reactivity.”