SOURCE: PhoneFactor


April 27, 2011 09:30 ET

Survey Reveals RSA Breach Undermining Confidence in Security Tokens

Over Half of IT Professionals Now Evaluating Two-Factor Alternatives

OVERLAND PARK, KS--(Marketwire - Apr 27, 2011) - PhoneFactor, the leading global provider of phone-based authentication, today released the results of its recent survey on multi-factor authentication. The results indicate organizations that utilize security tokens, many of which are already frustrated with the burden tokens place on their IT departments and end users, are being driven to action by the recent RSA breach.

The survey of more than 400 information technology professionals from a wide variety of industries found that the vast majority of respondents with current token deployments (93%) are aware of the RSA breach affecting SecurID tokens, which was disclosed in March, 2011. Of those, 44% are now re-evaluating their current use of tokens and another 15% are speeding up an already planned evaluation of token alternatives. If due to the RSA breach it becomes necessary to replace security tokens already deployed, 70% would prefer to replace them with an alternate two-factor method.

Other key findings in the survey include:

  • Aside from the RSA breach, there are significant concerns about the effectiveness of tokens against today's top threats. Of the 86% of respondents who are aware of these threats, 55% indicated that man-in-the-middle or other recent threats, which defeat security tokens, have reduced their level of confidence in the security provided by tokens.
  • Due to overall security concerns related to tokens, 65% of respondents are either currently evaluating or plan to evaluate the use of out-of-band authentication.
  • Security is not the only area of concern among respondents with current token deployments. Ninety-six percent (96%) reported issues with their token implementations, such as IT Resources Required to Deploy and Manage (52%), Lack of Convenience for Users (51%), High Ongoing Fixed Costs (39%), and Limited Interoperability with Mobile Devices (37%).
  • While the future of security tokens is questionable, use of multi-factor authentication is expected to grow significantly. Sixty-three percent (63%) of all respondents plan to increase use of other multi-factor authentication methods over the next two years.
  • Out-of-Band authentication using a phone call or text message is seen as a leading replacement, with more than two-thirds (68%) of all respondents indicating that they are likely to use phone-based authentication in the future.
  • Ease of Use (29%), Use of an Existing Device (28%), and Out-of-Band Security (20%) are seen as primary benefits of phone-based authentication and are key drivers for the shift toward phone-based methods.
  • Within banking and financial services, phone-based authentication is an even more popular alternative to tokens with 81% of respondents from that sector indicating that security concerns related to tokens had caused them to evaluate the use of out-of-band authentication (compared to 68% overall) and 82% indicated that their organization is likely to use phone-based authentication in the future (compared to 68% overall).
  • Security appears to be a stronger driver for the use of phone-based authentication among banks, whereas ease of use ranked highest for respondents overall. Forty-one percent (41%) of respondents from banks ranked out-of-band security as the primary benefit of phone-based authentication.

The survey results are consistent with forecasts by leading analysts who predict a continued decline in the use of hardware tokens for authentication and an increased reliance on phone-based methods. Gartner, Inc. expects that by year-end 2013, fewer than 10% of all authentication events will involve discrete, specialized authentication hardware of any kind (Predicts 2011: Identity and Access Management Continues Its Evolution Toward a Strategic Discipline, November 23, 2010 by Ant Allan, Earl Perkins, and Ray Wagner). The research notes that "by adopting alternative authentication methods, enterprises will be able to meet their needs for improved security at a lower cost and with a better user experience."

About PhoneFactor
PhoneFactor is a leading provider of multi-factor authentication. The company's award-winning platform uses any phone as a second form of authentication. PhoneFactor's out-of-band architecture and real-time fraud alerts provide strong security for healthcare, enterprise, banking, and website applications. It is easy and cost effective to set up and deploy to large numbers of geographically diverse users. PhoneFactor has been named to the Bank Technology News FutureNow list of the top 10 technology innovators securing the banking industry today and as a finalist in the SC Magazine Reader Trust Awards. Learn more at

Contact Information