Last week, Courion announced its acquisition of Nova Scotia-based SecureReset, which, through its QuickFactor product, provides mobile-based two-factor authentication (2FA). This is the fourth acquisition of a 2FA startup by an enterprise software vendor in 2015:
· Twilio acquired Authy, February 2015 (purchase price N/A).
· Salesforce acquired Toopher, April 2015 (purchase price N/A).
· Micro Focus acquired Authasas, July 2015 (purchase price N/A).
· Courion acquired SecureReset, November 2015 (purchase price N/A).
These acquisitions reflect ongoing enterprise demand for 2FA solutions as an alternative to passwords. By now, the problems with passwords are well-known: They are easy for hackers to steal in bulk, and ongoing advances in computing processing power have eroded password security.
Since a password-free world is still somewhere off in the future, two-factor authentication provides a compelling password alternative that can help mitigate security risks. The evolution toward software-based 2FA form factors running on smartphones instead of dedicated single-purpose hardware tokens has eased deployment and training costs; it has also enabled large-scale consumer deployments of two-factor authentication as a password replacement alternative. These 2015 acquisitions demonstrate the continued interest in two-factor authentication.
Are passwords a dying breed? With every other organization getting hacked, many S&R pros would argue that if passwords aren’t dead yet, they should be. Yet many companies such as LogMeIn and LastPass continue to make strategic acquisitions, proving that interest in password management solutions remain high among enterprises and consumers (check out their press release, here.) It’s hard to have any confidence in a method that appears to be ineffective, frustrating, and highly outdated. Many companies are attempting to gain back consumer trust by offering voice biometrics, multi-step authentication methods, or other authentication alternatives to supplement or replace their existing policies.
Unfortunately, fraudsters are getting smarter and customers don’t want to spend more than 30-seconds logging into their accounts. With the addition of the multiple banking accounts, online shopping IDs, and social media platforms that almost every consumer uses daily, the challenge for these companies to keep all online accounts secure while also providing the painless log-in that customers are demanding can quickly turn into a catch-22. What is easy and convenient for customers is also incredibly insecure, thus making them the perfect bait for cybercriminals.