Duo Push, which makes use of app-based authentication, emerged as a powerful authentication technique as 91.5% of accounts enabled Duo Push as one of many authentication elements, accounting for over 3.2 billion authentications (21%). Duo push was most popular over legacy authentication strategies equivalent to SMS and telephone calls (at 4.9% in 2023).
“I believe it’s the pivot of individuals realizing that SMS-based authentication is well compromised, and there’s an enormous push by attackers to compromise SIM playing cards and have the ability to spoof these numbers after which, by advantage, have the ability to intercept SMS,” Lewis added.
Authentication failure and missing insurance policies elevate considerations
5 % of all measured authentications failed, with 28% of failures attributed to customers not being enrolled within the system. This presents a really dangerous space opening up the scope for attackers to achieve unauthorized entry to delicate information or vital methods, resulting in data breaches, in accordance with the report.
It was additionally noticed that 96.4% of organizations don’t have any coverage associated to location (permit, deny, or require 2FA), opening their networks to assaults by way of unauthorized cross-geography entry.
“Essentially, 96% of organizations general don’t have any geographical primarily based blocking in any respect, which means they’ve attackers from the entire planet,” Lewis added. “Geo-blocking has restricted utility, but it surely does cut back plenty of the noise for a lot of organizations.”
Regardless of heavy adoption, MFA was discovered to have lighter organization-wide deployments, which might result in credential compromises, rendering the partial adoption counterproductive. The common firm had 40.26% of accounts with both no MFA or a weak MFA 2.
