Download PDF version Contact company

Less than half of businesses using 1st generation Multi-Factor Authentication (MFA) do so because they believe it to be the most secure option available, new research from IDEE has revealed.

The cybersecurity firm commissioned an independent survey of more than 500 IT and cybersecurity professionals within UK businesses. It found that 95% of UK businesses use 1st gen MFA solutions in some form, but just 40% of those said they used it because it was deemed to be the most secure cyber security solution for their IT systems and data.

Implemented MFA to satisfy

IDEE’s research told other common factors that contributed to MFA buy-in, with 35% saying

1st generation MFA includes MFA that relies on codes (sent via SMS, generated in an app, or generated on a hardware dongle), push notifications and QR codes. A third (32%) of 1st gen MFA users said they opted for that solution because it seems to be the most popular or common cybersecurity method at present.

IDEE’s research revealed other common factors that contributed to MFA buy-in, with 35% saying they implemented MFA to satisfy compliance or regulatory demand, while 31% stated it was required for their business or cyber insurance.

Deploy 1st generation MFA

The survey also found that 27% use 1st gen MFA simply because it came as standard from their IT providers (such as Google or Microsoft), and 22% chose it because they believed it was cheaper than other solutions.

The survey also found that 27% use 1st gen MFA simply because it came as standard

Al Lakhani, CEO of IDEE, said: “It’s alarming that businesses which are breached, deploy 1st generation MFA, continue to be breached, and the rest of the industry just copies it. As Einstein once said, insanity means doing the same thing over and over again and expecting different results.Over the past decade, IT departments have been led to believe that 1st gen MFA is the go-to cybersecurity solution for businesses globally thanks to misleading headlines from well-meaning companies – such as Microsoft – stating that MFA prevents 99% of all breaches. This is categorically false."

Implementing more robust security measures

Al Lakhani added: “The fact is that 1st gen MFA fails to protect businesses against common forms of cyber-attack, such as prompt bombing, credential phishing and Man-in-the-Middle (MitM) attacks. For me, this data smacks of herd mentality - IT and cyber pioneers are investing in MFA because it feels like the safe, blameless option, rather than properly scrutinising how well it stops the most common attacks."

"The entire industry needs to wake up. 1st gen MFA must be resigned to the dustbin of history. It’s time for businesses to shift their focus from blindly following the crowd to critically evaluating and implementing more robust security measures built on transitive trust and bulletproof identity proofing. Using this approach is necessary to achieve the Holy Grail of preventing account takeover.

Download PDF version Download PDF version

In case you missed it

Global regulations of AI: the role and impact on the physical security industry
Global regulations of AI: the role and impact on the physical security industry

The artificial intelligence revolution in physical security has arrived, transforming how we protect people, assets, and infrastructure. From smart buildings that automatically ad...

How does security innovation impact the skillsets operators need?
How does security innovation impact the skillsets operators need?

Technology automates tasks, streamlines processes, and improves efficiency in various fields, including physical security. But the success of today’s latest technologies depe...

How can manufacturers and integrators mitigate the risks of port forwarding?
How can manufacturers and integrators mitigate the risks of port forwarding?

Port forwarding is a networking technique that allows incoming traffic on a specific port number to be redirected to a particular device or application on a local network. Open por...

Quick poll
What's the primary benefit of integrating access control with video surveillance?