Two-Factor Authentication Set to Top $1.6Bn

Attacks that exploit username/password rubrics continue to plague organizations of all sizes, with the majority of breaches being attributed to weak or absent authentication. As a result, the global mobile multi-factor authentication software and service market will be worth $1.6 billion by the end of 2015, new research has revealed.

According to ABI Research, password issues have created significant market demand for mobile user authentication technologies that can be used to provide an additional factor of authentication—and an extra layer of security. In fact, two-factor authentication in particular is moving into the mainstream.

Further, public key techniques have been adopted for network security, operating systems security, application data security and digital rights management (DRM)—and continue to be popular. As a result, ABI Research calculates that the global managed mobile PKI software and service market will be worth $74 million by the end of 2015.

Hardware-based security tokens for two-factor authentication are still holding their own, but one-time passwords (OTPs) and soft tokens have emerged as the preferred choice of authentication, as they offer greater security because the password they generate is only valid for a single session/transaction. But digital certificates based on the concept of public/private key cryptography are also an effective authentication mechanism, the firm said.

“In recent years hard tokens have been increasingly replaced by their software counterparts (soft tokens) which use either a smartphone app or the phone itself to supply a secret code for authentication,” said Monolina Sen, ABI Research’s senior analyst in digital security. “Other methods used to provide the second authentication factor include smart cards, security certificates, OTPs and biometric scanning.”

Many financial enterprises and other organizations including Google, Facebook, Microsoft, Twitter, and Apple are already using two-factor authentication. Jon Oberheide, co-founder and CTO at Duo Security, told Infosecurity in an email that those who aren't currently using it are likely to have it on their 2015 roadmap.

“The real challenge that we see in organizations, and the main reason why these organizations choose Duo Security, is what we call ‘wall-to-wall’ deployments,” he said. “Historically, two-factor authentication has been limited in deployment scope to only the most critical services or to a select group of key administrators due to cost and usability burden. However, with modern two-factor solutions, particularly those leveraging a user's existing mobile device as opposed to legacy hardware tokens, organizations are now able to deploy wall-to-wall in a comprehensive way to all users and all services in their org. Some of the larger enterprises are slowly getting there, hence the breaches that make it appear that no two-factor was deployed.”

And with that kind of uptake, players like MobileIron, Gemalto, Centrify, Entrust, SecureAuth, Sansa Security, CA Technologies, SecurEnvoy, HID Global, Symantec and others are looking to innovate in the mobile authentication market, Sen added.

“A comprehensive solution will allow organizations to effectively enforce the appropriate method of authentication across applications, endpoints and environments (on-premise and cloud) without burdening end users,” he said.
