In 2023, app-based authentication method Duo Push became widely popular among users, with 91.5% of accounts enabling this method for authentication, amounting to over 3.2 billion authentications, constituting 21% of all authentication methods. This showed a strong preference for Duo Push over traditional methods such as SMS and phone calls, which only accounted for 4.9% of authentications.
According to experts, the shift towards app-based authentication methods like Duo Push can be attributed to the increasing vulnerabilities in SMS-based authentication. Attackers have been targeting SMS-based methods by compromising SIM cards and spoofing numbers, leading to interceptions of SMS messages. This has raised concerns regarding the security of SMS-based authentication, prompting users to opt for more secure methods like Duo Push.
However, despite the widespread adoption of app-based authentication methods, a report highlighted several concerning trends in the authentication landscape. It was found that 5% of all authenticated attempts failed, with 28% of these failures being attributed to users not being enrolled in the system. This posed a significant risk as it opened up opportunities for attackers to gain unauthorized access to sensitive data and critical systems, potentially leading to data breaches.
Furthermore, the lack of policies related to location-based authentication was also identified as a major concern. The report revealed that 96.4% of organizations had no policies in place for location-based authentication, leaving their networks vulnerable to unauthorized cross-geography access. This lack of geographical blocking was highlighted as a significant security loophole, as attackers from all over the world could potentially target these organizations.
Moreover, despite the heavy adoption of Multi-Factor Authentication (MFA), the report indicated that MFA deployments within organizations were relatively light. This raised concerns about the effectiveness of partial MFA adoption, as the average company had 40.26% of accounts with either no MFA or weak MFA protection. This highlighted the risk of credential compromises and the potential limitations of partial MFA adoption in enhancing overall security.
Overall, the findings of the report shed light on the evolving authentication landscape, emphasizing the need for organizations to address the shortcomings in their authentication policies and practices. As cyber threats continue to evolve, it is crucial for organizations to prioritize robust authentication methods and implement comprehensive policies to safeguard their systems and data from unauthorized access and potential breaches. With the increasing reliance on digital technologies, the importance of secure authentication methods and robust policies cannot be overstated in ensuring the overall security of organizations’ digital assets.