But, says the report, analysis for which was carried out by Forrester Research, this trend is creating unwanted and often unforeseen consequences.
The aim of the report was to evaluate how enterprises are evolving their authentication and security practices in response to changing business and IT needs, such as the adoption of cloud and software-as-a-service (SaaS) technologies.
Tapping more than 300 surveys with enterprise IT professionals, researchers found that organisations are still grappling with how to adapt to more open environments from a security policy and controls standpoint.
However, says the report, plans for adopting additional identity and security solutions point to an aggressive program to support these business initiatives.
Delving into the study reveals that enterprises have deployed strong authentication selectively because of the low user acceptance it engenders due to the problems caused to users' productivity, the high per-user costs of acquiring strong authentication credentials, and a management overhead that also contributes to total cost of ownership.
The report notes that new methods for strong authentication, meanwhile, are stimulating the expansion of the use cases and user base for strong authentication.
"Mobile authentication – either through a smartphone-based application or a one-time password (OTP) sent over SMS – is one such approach", says the report.
The report adds that risk-based authentication – such as behaviour profiling – is another way to provide greater identity assurance in a form of strong authentication that is more user-friendly and cost-effective than traditional tokens or smart cards.
Use of these forms of strong authentication, says the VeriSign study, has been steadily climbing.
They were, notes the report, traditionally most attractive for business-to-consumer environments, but their simplicity in both implementation and use – there being no hardware for IT to provision or for users to lose – have expanded their appeal to business-to-business and even business-to-employee cases, including network login as well as remote access.