Along with the increasing reports of IT security breaches comes the growing concern that traditional methods of managing access to devices and systems is inadequate. Therefore, we'll see more organizations seek ways to improve the technologies and methods that are being applied in their environment.
Mobile devices are particularly viewed as being vulnerable to unauthorized use, because they can more easily be lost or stolen. According to the latest market study by ABI Research, the global mobile multi-factor authentication software and service market will be worth $1.6 billion by the end of 2015.
Username and passwords have been widely used to authenticate user identity but fail to provide adequate authentication. The growth in authentication-based attacks continue to plague organizations of all sizes, with the majority of breaches being attributed to weak or absent authentication.
This situation has created significant market demand for mobile user authentication technologies that can be used to provide additional factor of authentication thus adding an extra layer of security.
One-time-passwords (OTPs) and tokens have emerged as the preferred choice of authentication as they offer greater security because the password they generate is only valid for a single session or transaction.
Digital certificates based on the concept of public/private key cryptography are also an effective authentication mechanism. Public key techniques have been adopted in many areas of information technology -- including network security, operating systems security, application data security, and digital rights management (DRM).
ABI Research calculates that the global managed mobile PKI software and service market will be worth $74 million by the end of 2015.
Many financial enterprises and other organizations including Google, Facebook, Microsoft, Twitter, and Apple are already using two-factor authentication (2FA). One form of two-factor authentication requires hardware-based security tokens.
"In the recent years hard tokens have been increasingly replaced by their software counterparts (soft tokens) which use either a smartphone app or the phone itself to supply a secret code for authentication," said Monolina Sen, senior analyst at ABI Research.
Other methods used to provide the second authentication factor include smart cards, security certificates, OTPs, and biometric scanning. ABI believes that a comprehensive solution will allow organizations to effectively enforce the appropriate method of authentication across applications, endpoints, and environments without burdening end users.