More than 2/3 of respondents, a survey found, said they are likely to use mobile phone-based verification in the future, and more security token users are anxious about the two-factor authentication technology.
The survey was conducted by PhoneFactor, which sold two-factor phone-based authentication without a token. The survey found that some organizations are considering other two-factor authentication options.
Among the 400 IT professionals surveyed, 93% of respondents who currently deploy tokens said the RSA vulnerability disclosed in July affected the SecurID token event and awakened them. Moreover, 44% of people are re-evaluating the token they are currently using, and 15% are accelerating the evaluation of the token option that has been planned.
According to the PhoneFactor survey, "If the RSA vulnerability makes it necessary to replace the currently deployed security token, 70% prefer to replace the existing token with an optional two-factor authentication method ."
On July 6, March 22, RSA announced a serious system vulnerability that affected SecurID users. The company later confirmed that SecurID destruction began with two phishing attacks, which targeted the zero-day vulnerability in Adobe Flash and used Microsoft Excel attachments for attacks. According to people familiar with the matter, it is impossible to replace all SecurID tokens.
Security experts said that even if data is stolen, an attacker using SecurID technology to intrude into a company also needs superb technology and good luck. Data is saved from a successful attack. The data must be stored on an encrypted Management Server, and each user has a unique ID and PIN.
In addition, 96% of respondents reflected other issues with token deployment. More than half of the people said that IT adds burden to IT resources and is inconvenient for end users.
Security experts said the out-of-band technology used by PhoneFactor enhances security, but it is not foolproof.
With the increase of phishing attacks and man-in-the-middle attacks against users, MFA technology has become very popular in banking and financial service companies. This technology is usually used by customers who make high-value transactions. It is also being used by law enforcement and other sensitive agencies. The survey found that the RSA SecurID vulnerability does not affect the development of this technology. 63% of respondents said they plan to adopt other multi-factor authentication methods over the next two years.
PhoneFactor's out-of-band two-factor authentication technology uses phone or text messages to provide a two-factor authentication instead of a token. More than 2/3 of respondents) indicate that they are likely to use mobile phone-based verification in the future.
Edit recommendations]