Millions of pounds are being wasted every year recovering and replacing lost physical authentication tokens, as IT professionals admit the ongoing management costs are huge because users frequently lose them. Those are the findings of a recent survey by a product company in the field. It found that an eighth (12pc) of companies waste ‘months’ every year recovering and replacing lost physical security tokens. The survey was conducted among 300 IT security people in London. Another one in ten (10pc) revealed they waste weeks every year in management time chasing and replacing physical tokens, 13pc lose days, while 16pc were able to contain this to a matter of hours.
Tokens are evidently lost frequently: in a typical 12-month period some 7pc of companies were losing tokens at a rate of between 51pc and 75pc, 14pc at between 26pc and 50pc, 13pc at between 11pc and 25pc, and 32pc of companies recorded 10pc of tokens lost. Some 3pc of respondents confessed that between 76pc and 100pc of all physical tokens in their organisation were being lost every year.
The study was conducted by SecurEnvoy, a tokenless authentication product firm, to gauge how deep the hidden costs associated with managing a physical authentication system run.
Andy Kemshall, CTO and co-founder of SecurEnvoy, says: “Organisations invest huge sums of money in out-dated technology that has stood still while the world has moved on. We advocate the use of mobile phones which can be turned into an authentication device eliminating many of the management costs associated with 2FA systems. Our mantra is simple: authenticate anyone, anywhere, any phone – simply and securely.”
Secret questions not enough
Another area the study examined is the use of passwords. Fifty-seven percent of respondents confirmed that a password is required as part of their ‘log-on’ procedure. While 78pc of the sample agreed that using a secret question to secure a password is not enough, 21pc still relied on this verification when a password reset is needed, and an additional 10pc didn’t know whether they did or not.
Andy adds: “It’s startling that so many organisations know the risks associated with passwords, and the insecurities introduced when resetting them with a secret question, yet they still continue with the practice in the blind hope that nothing will go wrong. With 2FA arguably the strongest realistic authentication option, it makes sense for it to be incorporated whenever a person needs to do something that requires them to validate they are who they say they are – password resets being an obvious candidate. Users can now very easily reset their passwords, themselves, via a self-help web page using a one-time passcode sent to their mobile phone. This method eliminates the average help desk cost of £14 for each password reset, but also allows companies to introduce more secure practices for everyday eventualities.”
For more information visit www.securenvoy.com