Last week, Courion announced its acquisition of Nova Scotia-based SecureReset, which, through its QuickFactor product, provides mobile-based two-factor authentication (2FA). This is the fourth acquisition of a 2FA startup by an enterprise software vendor in 2015:
· Twilio acquired Authy, February 2015 (purchase price N/A).
· Salesforce acquired Toopher, April 2015 (purchase price N/A).
· Micro Focus acquired Authasas, July 2015 (purchase price N/A).
· Courion acquired SecureReset, November 2015 (purchase price N/A).
These acquisitions reflect ongoing enterprise demand for 2FA solutions as an alternative to passwords. By now, the problems with passwords are well-known: They are easy for hackers to steal in bulk, and ongoing advances in computing processing power have eroded password security.
Since a password-free world is still somewhere off in the future, two-factor authentication provides a compelling password alternative that can help mitigate security risks. The evolution toward software-based 2FA form factors running on smartphones instead of dedicated single-purpose hardware tokens has eased deployment and training costs; it has also enabled large-scale consumer deployments of two-factor authentication as a password replacement alternative. These 2015 acquisitions demonstrate the continued interest in two-factor authentication.
Are passwords a dying breed? With every other organization getting hacked, many S&R pros would argue that if passwords aren’t dead yet, they should be. Yet many companies such as LogMeIn and LastPass continue to make strategic acquisitions, proving that interest in password management solutions remain high among enterprises and consumers (check out their press release, here.) It’s hard to have any confidence in a method that appears to be ineffective, frustrating, and highly outdated. Many companies are attempting to gain back consumer trust by offering voice biometrics, multi-step authentication methods, or other authentication alternatives to supplement or replace their existing policies.
Unfortunately, fraudsters are getting smarter and customers don’t want to spend more than 30-seconds logging into their accounts. With the addition of the multiple banking accounts, online shopping IDs, and social media platforms that almost every consumer uses daily, the challenge for these companies to keep all online accounts secure while also providing the painless log-in that customers are demanding can quickly turn into a catch-22. What is easy and convenient for customers is also incredibly insecure, thus making them the perfect bait for cybercriminals.
Shame on you if you share your password. The consequences can ruin your sterling reputation, violate legal terms of service, promote fraud and identity theft, and give ex-lovers weapons of mass digital destruction. We all do it, despite the risks. Share your Netflix password with your BFF so she can watch House Of Cards and season 4 of Arrested Development. Reveal your Amazon password to your teenage son so he can rent college textbooks using your account. The list of examples goes on.
Come again? You mean to tell me that Eve Maler, one of Forrester's experts on emerging identity and security solutions, has never changed her Amazon password? Yep. She aptly points out that "Amazon has no password rules." While passwords aren't dead, she says, firms that rely only on passwords for identity management are vulnerable to serious breaches. Most firms have "terrible hygiene" when it comes to identity management.
In this episode of TechnoPolitics, Eve Maler discuss how firms like Amazon and Paypal use a "constellation" of risk-based authentication techniques and technologies to protect customers' identity. The courage to make tough calls — that's Eve.
Podcast Listening Options — The Future Of Identity Management