Yubico Unveils Needed Awareness Around Phishing-Resistant MFA

By Greg Tavarez

I remember a time when all that was needed was a strong password or a one-time password to act as a strong defense against attacks that lead to data breaches. But as attacks have become more sophisticated, the weaknesses of password-based authentication are glaring (as they leave businesses vulnerable to attacks such as brute-force, phishing and credential stuffing). These attacks are costly for businesses in terms of lost revenue, legal fees and reputational damage.

The rise of cloud-based services and remote work is only adding fuel to that fire, as traditional security measures such as firewalls and VPNs are no longer sufficient to protect against attacks. This has resulted in the need for stronger authentication methods, such as multi-factor and adaptive authentication.

Still, IT leaders continue to rely on the least secure forms of authentication, including traditional usernames and passwords and one-time passwords. In a report from Yubico, only 46% of respondents protect their enterprise applications with MFA.

Hmm. This is a bit concerning, considering that 59% of respondents reported having a security breach within the past year, up 6% from just two years ago.

Seeing those results prompted Yubico to dive a bit deeper with its research. For those unfamiliar with Yubico, the hardware authentication security keys provider created security solutions based on an open standard and is a co-founder of the FIDO Alliance, which is dedicated to developing open, interoperable authentication standards. Yubico developed the YubiKey, which is a security key that provides strong MFA and eliminates the need for passwords.

Looking at the specific methods of authentication, the Yubico survey found that one of the least secure methods is the most deployed – usernames and passwords at 91%. Hardware-based USB security keys at 62%, biometrics at 59%, passwordless MFA at 58% and smart cards at 58% are the least deployed.

Those stats are appalling considering the number of times companies preach about being the most secure and adopting solutions that mitigate all data breaches. But the survey revealed a stat that makes it not surprising at all.

Regarding the Executive Order on cybersecurity issued by President Joe Biden in May 2021, and Memo M-22-09 issued in response by the U.S. Office of Management and Budget, the survey found that only two-thirds have heard of the executive order and related OMB guidance regarding phishing-resistant MFA, and 91% of respondents report being familiar with FIDO standards.

While many organizations have responded to the call for more secure forms of authentication, there is still a need to spread awareness and increase education around phishing-resistant MFA overall.

“Not all MFA is equal, and even though businesses know legacy MFA tools are not effective to stay secure, we’re seeing they're still using them as primary tools of defense,” said Ronnie Manning, Chief Marketing Officer of Yubico. “Now more than ever, education around the importance of phishing-resistant MFA is critical to officially move away from legacy MFA tools that are leaving thousands of businesses exposed to cyberattacks around the world.”

If one thing should be taken from the survey, it’s that businesses continue to rely on outdated authentication methods, thus putting themselves at risk of cyberattacks and data breaches. By adopting more secure authentication methods, businesses can better protect themselves and their customers.

Edited by Alex Passett

MSPToday Editor