Download PDF version Contact company

Less than half of businesses using 1st generation Multi-Factor Authentication (MFA) do so because they believe it to be the most secure option available, new research from IDEE has revealed.

The cybersecurity firm commissioned an independent survey of more than 500 IT and cybersecurity professionals within UK businesses. It found that 95% of UK businesses use 1st gen MFA solutions in some form, but just 40% of those said they used it because it was deemed to be the most secure cyber security solution for their IT systems and data.

Implemented MFA to satisfy

IDEE’s research told other common factors that contributed to MFA buy-in, with 35% saying

1st generation MFA includes MFA that relies on codes (sent via SMS, generated in an app, or generated on a hardware dongle), push notifications and QR codes. A third (32%) of 1st gen MFA users said they opted for that solution because it seems to be the most popular or common cybersecurity method at present.

IDEE’s research revealed other common factors that contributed to MFA buy-in, with 35% saying they implemented MFA to satisfy compliance or regulatory demand, while 31% stated it was required for their business or cyber insurance.

Deploy 1st generation MFA

The survey also found that 27% use 1st gen MFA simply because it came as standard from their IT providers (such as Google or Microsoft), and 22% chose it because they believed it was cheaper than other solutions.

The survey also found that 27% use 1st gen MFA simply because it came as standard

Al Lakhani, CEO of IDEE, said: “It’s alarming that businesses which are breached, deploy 1st generation MFA, continue to be breached, and the rest of the industry just copies it. As Einstein once said, insanity means doing the same thing over and over again and expecting different results.Over the past decade, IT departments have been led to believe that 1st gen MFA is the go-to cybersecurity solution for businesses globally thanks to misleading headlines from well-meaning companies – such as Microsoft – stating that MFA prevents 99% of all breaches. This is categorically false."

Implementing more robust security measures

Al Lakhani added: “The fact is that 1st gen MFA fails to protect businesses against common forms of cyber-attack, such as prompt bombing, credential phishing and Man-in-the-Middle (MitM) attacks. For me, this data smacks of herd mentality - IT and cyber pioneers are investing in MFA because it feels like the safe, blameless option, rather than properly scrutinising how well it stops the most common attacks."

"The entire industry needs to wake up. 1st gen MFA must be resigned to the dustbin of history. It’s time for businesses to shift their focus from blindly following the crowd to critically evaluating and implementing more robust security measures built on transitive trust and bulletproof identity proofing. Using this approach is necessary to achieve the Holy Grail of preventing account takeover.

Download PDF version Download PDF version

In case you missed it

Anviz Global expands palm vein tech for security
Anviz Global expands palm vein tech for security

The pattern of veins in the hand contains unique information that can be used for identity. Blood flowing through veins in the human body can absorb light waves of specific wavelen...

Bosch sells security unit to Triton for growth
Bosch sells security unit to Triton for growth

Bosch is selling its Building Technologies division’s product business for security and communications technology to the European investment firm Triton. The transaction enc...

In age of misinformation, SWEAR embeds proof of authenticity into video data
In age of misinformation, SWEAR embeds proof of authenticity into video data

The information age is changing. Today, we are at the center of addressing one of the most critical issues in the digital age: the misinformation age. While most awareness of thi...

Quick poll
What is the most significant challenge facing smart building security today?