UK businesses are 'slow' to adopt multi-factor authentication
Businesses admit their password security isn't up to scratch, but vendor says "talk is cheap"


Password security within businesses is not evolving quickly enough, according to a new study, with nearly two-thirds of organisations admitting that they have still not implemented two-factor authentication.
An overwhelming number of UK companies are concerned that staff are re-using personal credentials for work accounts, raising the spectre of password re-use hacks, while 65% are uncomfortable with employees using their social media credentials to access corporate resources.
But 70% of 1,050 IT and business decision makers surveyed by Gemalto believe that consumer-grade authentication could be applied in the workplace, with over half of IT leaders saying that their own authentication methods suffer in comparison to those of Amazon and Facebook.
What is two-factor authentication? General Data Protection Regulation (GDPR) 68 million Dropbox credentials leak online Dropbox users may get free storage if they adopt stronger security
Gemalto's 2018 Authentication and Identity Management Index report found that adoption of two-factor authentication is increasing, with 76% of UK businesses expect to begin using a secondary identification check - such as a code sent to a mobile phone number - within two years, up from 66% in 2016. Just a third of staff are required to use it at the moment, according to Gemalto's report.
Joe Pindar, Gemalto's director of product strategy, said that many firms are simply failing to implement the necessary security tools to keep themselves safe from hackers.
"This is emphasised by the slow adoption of protection such as two-factor authentication - although adoption is increasing and the majority plan to introduce this within the next two years, talk is cheap and not enough is being done quickly enough," he claimed.
With GDPR just a few months away, organisations need to move faster to address any security risks in applications they use, he added, especially those with access to people's personal data.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"If they lack the expertise to do this, they must look to employ a third party to assist this process. Simply doing nothing is not an option for businesses any longer and actions speak louder than words," he said.
Picture: Bigstock
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.
-
What is polymorphic malware?
Explainer Polymorphic malware constantly changes its code to avoid detection, making it a top cybersecurity threat that demands advanced, behavior-based defenses
-
Outgoing Kaseya CEO teases "this is just the beginning" for the company
Opinion We spoke to Fred Voccola who remains a key figurehead at the firm as it enters its next chapter...
-
Microsoft Authenticator mandates number matching to counter MFA fatigue attacks
News The added layer of complexity aims to keep social engineering at bay
-
As Google launches passwordless authentication for all, what are the business benefits of passkeys?
News Google follows Apple in its latest shift to passwordless authentication, but what are the benefits?
-
There's only one way to avoid credential stuffing attacks
Opinion PayPal accounts were breached last year due to a credential stuffing attack, but can PayPal avoid taking responsibility?
-
Google Authenticator 2FA update accused of making service less secure
News Lack of end-to-end encryption in code backup has some developers worried
-
Five things to consider before choosing an MFA solution
In-depth Because we all should move on from using “password” as a password
-
What is multi-factor authentication (MFA) fatigue and how do you defend against attacks?
In-depth Strong authentication is key to security, but it needs to be properly managed to avoid MFA fatigue
-
Beyond Identity strikes up strategic partnership with World Wide Technology
News WWT will implement Beyond Identity’s authentication platform internally while also acting as a global channel partner
-
Implementing strong authentication across your business
In-depth Strong authentication is hugely important, but implementing any regime at scale is not without its challenges