Two-Factor Authentication Set For Revival?
See any good espionage movie ranging from “Mission Impossible” to the “Bourne Identity” films, and you’re bound to come across some form of biometric, also known as multi-factor authentication. But while glamorized in Hollywood, the reality is that two-factor authentication never quite took off as a mainstream security mechanism.
Until now, that is. Technology trends such as cloud and mobility are providing the necessary fuel to finally propel two-factor authentication into a security model with greater customer reach in a wider range of market segments. And that, in turn, could spell profitability for the channel.
A recent New York Times article lauded the benefits of two-factor authentication as a means to reduce identity theft and site hacks when accessing Web applications and services. Using a bank’s automated teller machine as an example (ATMs require both a PIN and a card to verify a user’s identity), the article described how the same method could be applied to shore up security vulnerabilities in high-profile websites.
In order to access high-traffic sites, users would be required to supply something they know (e.g. a password or a PIN) along with something they have (e.g. a code that appears on the users’ phone).
Under such a system, even if cybercriminals were to hack into a password server to steal login credentials, the pilfered passwords would be useless unless the crooks also had access to the victims’ mobile devices.
The idea has merit, and could go far in addressing breaches and site hacks targeting cloud applications such as Dropbox and Amazon, Google, and other high-profile services.
The concept isn’t entirely new. Two-factor authentication, also called two-step verification, has been around for the better part of a decade. Yet the solution never quite experienced the same growth trajectory or traction as other well-established security staples such as antivirus, firewalls, encryption and even access control and Web filters. Case in point: TechNavio projected that the Identity and Access Management market would grow a modest 8.2 percent between 2011 and 2015. And one of the biggest growth inhibitors will be the inability to adequately enforce user policy, they found.
The solution has played well in certain verticals, however, such as financial services, government and the military, where more robust security mechanisms to protect highly sensitive or classified data are generally required.
RSA Security Inc., the security division of EMC Corp., with strong relationships in these verticals, has retained the lion’s share of the authentication market, which falls under the auspices of the identity and access management market. Other leading vendors include Entrust Inc., Gemalto N.V. and VASCO Data Security International.
Historically the solution has been seen as cumbersome and complicated, while requiring too many moving parts, which have ultimately served to impede the efficiency and expedience of most Web applications. Those and other factors have stymied its overall growth, often relegating the solution to the category of complementing technology or upsell.
But over the past year, the solution has experienced a bit of an uptick, driven, in part, by the cloud. Like most cloud technologies, cloud authentication is still carving out its place in the overall security market. However, it could very well be the catalyst that drives the solution’s growth.
For one, the cloud helps solution providers overcome many of the infrastructure, operational and management hurdles usually associated with on-premise two-factor authentication. That, in turn, will make the solution more accessible to a wider array of users, including SMBs, and other non-enterprise customers.
In addition, cloud offers benefits such as scalability, reduced complexity, ease of use, and reduced overhead cost for customers, which also allows partners to reach budget-conscious SMBs and lower market customers with a range of related subscription services.
As of late, cloud authentication has migrated from the realm of conceptual to practical after data protection firm SafeNet launched what it touted as one of the first cloud authentication services. And, as mentioned previously by Channelnomics, it likely won’t be the last.
Meanwhile, as suggested by the Times’ Randall Stross, mobility trends might be another driving force in authentication expansion. The reason? Almost everyone has a mobile phone, usually located within easy reach throughout much of the workday.
Historically, two-factor authentication has relied on either hardware or software tokens, sometimes resulting in tracking and management challenges with tokens easily lost or forgotten.
Two-factor authentication that leverages mobile phones, on the other hand, promises to overcome that obstacle by allowing users to leverage the mobile devices that are on or near them at all times. The device isn’t seen as a hindrance, but rather, a consummate universal tool on par with any Swiss army knife.
Plus, as with mobility trends in general, users are responsible for their own devices, reducing some of the infrastructure headaches and the costs of replacing expensive tokens.
If indeed mobility trends are truly leveraged for authentication, Stross’ scenario could very well play out. Ultimately, it will likely take a significant paradigm shift for users, and subsequently the channel, to fully embrace two-factor authentication. That means users who currently take for granted speedy access to any Web site service will be required to take an extra few seconds to pass all security checks and “log in,” much as one would when standing at an ATM.
One Response to “Two-Factor Authentication Set For Revival?”
Thanks for the article. We all need to be more proactive about our personal account security. Although 2FA has been around for a while, more and more sites are starting to offer and promote this option. 2-Factor Authentication for email wins every day. I feel suspicious when I am not asked to telesign into my account by way of 2FA, it just feels as if they are not offering me enough protection. I know some will claim this makes things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your info is secure. This should be a prerequisite to any system that wants to promote itself as being secure.