Trends Report

Remote Workers Turning To SMS-Based Two-Factor Authentication Is Much Better Than Passwords, But It Won’t Stop Targeted Attacks

September 22nd, 2020

Summary

Security leaders responsible for authentication approaches at their organization should read this research to understand the current state of adoption as well as future solutions. Forrester estimates that 70% of organizations are still password-centric. When entire workforces were forced to go remote, most of these companies started using two-factor authentication (2FA) in the form of a one-time password (OTP) over SMS. This is quickest to deploy because it avoids installing a mobile app but is also susceptible to compromise in certain cases. SMS 2FA can prevent up to 96% of bulk phishing and 100% of bot threats (automated software attempting to crack weak or known passwords). However, SMS 2FA only stops 76% of narrowly targeted attacks. Multifactor authentication (MFA) and passwordless approaches provide superior security for preventing account takeover but are more expensive and may require new technical skills and knowledge to deploy and operate. Consider total cost of ownership and user experience implications. Develop threat models for different user populations and base authentication options on those models. Privileged users, senior executives, and employees in finance and HR are likely targets, so consider implementing more robust security measures such as hardware security tokens for these users first. Schedule an inquiry for further guidance.

Want to read the full report?

This report is available for individual purchase ($1495).

Forrester helps business and technology leaders use customer obsession to accelerate growth. That means empowering you to put the customer at the center of everything you do: your leadership strategy, and operations. Becoming a customer-obsessed organization requires change — it requires being bold. We give business and technology leaders the confidence to put bold into action, shaping and guiding how to navigate today's unprecedented change in order to succeed.