The adoption rate of phishing-resistant multi-factor authentication ("MFA"), such as hardware keys and device-based passkeys nearly doubled in 2023, according to a study by Okta, a company that provides identity and management solutions.

However, the overall usage rate of MFA remains relatively small. Despite recent mandates from the government and private industry, the adoption rate of all forms of MFA seems to be flattening out at around 65 percent.

Okta's 2024 Secure Sign-in Trends Report notes that MFA adoption rates vary widely by industry, with the technology sector leading the way at 88 percent and the warehousing and transportation sector lagging at 38 percent. Interestingly, there is an inverse correlation between the number of employees and the rate of MFA adoption, with smaller organizations having higher adoption rates.

https://www.scworld.com/resource/the-rise-of-phishing-resistant-mfa-and-what-it-means-for-a-passwordless-future

Commentary

MFA differs from Single-Factor Authentication (SFA) which involves a single form of verification like a password or PIN. However, as cyberattacks grew, the demand for more effective authentication methods led to the development of Two-Factor Authentication (2FA) in the 1980s. 2FA added an extra layer of security by requiring a second form of verification, such as a smart card or token, in addition to a password.

In the 2000s, more sophisticated forms of authentication emerged, including biometric authentication (e.g., fingerprint, facial recognition), behavioral biometrics (e.g., keyboard typing patterns), and contextual authentication (e.g., location-based authentication). Modern MFA solutions often incorporate multiple factors, such as something you know (password, PIN), something you have (smartphone, smart card), something you are (biometric data), somewhere you are (location-based authentication), and something you do (behavioral biometrics).

The adoption of MFA has been influenced by various factors, including the explosion of mobile devices, the scale and sophistication of cybersecurity threats, regulatory requirements, and the rise of cloud computing and changing workplaces.

Multi-Factor Authentication (MFA) offers several benefits that enhance security and user experience.

• By requiring multiple forms of verification, MFA significantly reduces the risk of unauthorized access to sensitive information.
• Traditional login mechanisms are susceptible to attacks like phishing, keylogging, and brute-force attacks. MFA mitigates these vulnerabilities by adding extra layers of security.
• Many industries have regulatory requirements that mandate the use of MFA to protect sensitive data. Implementing MFA helps organizations comply with these regulations.
• By providing a more secure authentication process, MFA helps build trust with users, ensuring that their data is protected.

The final takeaway is that single-factor authentication is vulnerable to phishing. Organizations should protect their accounts and devices by requiring MFA.