Two-factor authentication (2FA) technology is still seen as too complex to deploy and use according to a survey of 100 senior IT staff by security company GrIDsure.
The survey found that nearly 60 percent of those asked were worried about 2FA's complexity, with more than half convinced it would prove costly to implement. A surprising one in five remain sceptical that any 2FA systems could solve the inherent problems that come with password-only security.
This is a sobering finding for a market that has long assumed growth will one day arrive as conventional IT security crumbles. GrIDsure, of course, presents its own tokenless pattern-based authentication system as a possible answer.
Despite this, there does seem to be some appetite for layered authentication with 36 percent convinced that authentication would be a big factor in securing employee access. A further 32 percent favoured employee education with seven percent open to the 'nuclear option' of banning remote access altogether.
After a spate of data breaches, the theme is topical although it is not clear that all of high-profile incidents would necessarily have been prevented by better employee remote authentication alone.
Expense could be the deciding issue.
“Everyone agrees that passwords are no longer enough to protect sensitive data in a digital age,” said GrIDsure founder and CTO, Stephen Howes. “But most of the strong authentication solutions out there are too complicated and costly to implement and manage. You really need something that’s as cheap and simple to use as the traditional password, but at the same time much more secure.”
“Any authentication solution that requires you to carry hardware tokens, or to have passcodes sent to your mobile phone while you’re trying to access a service on your computer just makes the log-in process more cumbersome,”he said.
Given that most IT staff seem not to trust their users to any great degree, technology might not be the only problem at hand. Only 34 percent of those surveyed trusted their employees to do enough to protect the company against cyber-threats with most of the rest trusting them only to ‘a degree’.
This is perhaps the problem with technology and modern organisations; too many technologies in too short a space of time protecting against too many evolving threats. In short, the hierarchical structures of companies just haven’t evolved fast enough to cope with the IT revolution of the last two decades and the cracks are now proving difficult to fill.