Organizations face ever-increasing threats, and password security is paramount. But employees don't usually use robust password protocols or multi-factor authentication to secure valuable information.
A survey from LogMeIn, which makes the LastPass password manager, shows that the number of companies adopting a multi-factor authentication (MFA) solution is on the rise, with 57% of businesses choosing MFA in 2018, compared with 45% in 2017.
94% of employees chose a smartphone for MFA, while only 4% opted for a hardware-based solution and just 1% wanted biometrics. The trend is set by the abundant availability of smartphones, as opposed to the rest of the options.
Although MFA is used widely, it’s not uniformly distributed across the globe, with some countries leading the change, a few of them by considerable margins. First place is occupied by Denmark, with a 46% adoption rate, followed by the Netherlands with 41% and Switzerland with 38%. The United States is somewhere in the middle, with 28% adoption. Last place is taken by Italy, with only 20%.
Not surprisingly, the technology and software industry is the leader in using MFA software, followed by education and banking. Non-profit organizations, media/advertising, legal and insurance occupy the last places.
"Many businesses who encourage or require employees to use MFA are likely to be significantly ahead of their peers when it comes to mitigating threats. In cybersecurity, doing the basics well often has the biggest impact on preventing the most common attacks, so expect to see more widespread usage of MFA across sectors in the coming years," says the LastPass study.
The bigger the company, the more likely it is to use MFA, with 87% of organizations with 10,000 employees or more adopting some security solution. This also explains why smaller companies are more often targeted by phishing campaigns. Only 27% of smaller companies (up to 25 employees) use MFA, which means that less than a third have at least one layer of security.
MFA and two-factor authentication (2FA) may not be enough to ensure security alone, but they are essential tools for companies that need to safeguard their data.