Duo Push, which uses app-based authentication, emerged as a strong authentication method: 91.5% of accounts enabled Duo Push as one of their authentication factors, accounting for over 3.2 billion authentications (21%). Duo Push was preferred over legacy authentication methods such as SMS and phone calls (at 4.9% in 2023).
“I feel it’s the pivot of individuals realizing that SMS-based authentication is definitely compromised, and there’s an enormous push by attackers to compromise SIM cards and be capable of spoofing these numbers and then, by virtue, be capable of intercepting SMS,” Lewis added.
Authentication failures and missing policies raise concerns
Five percent of all measured authentications failed, with 28% of failures attributed to users not being enrolled in the system. This presents a very risky area, opening up the scope for attackers to gain unauthorized access to sensitive data or critical systems, leading to data breaches, according to the report.
It was also observed that 96.4% of organizations have no policy related to location (allow, deny, or require 2FA), opening their networks to attacks through unauthorized cross-geography access.
“Essentially, 96% of organizations total don’t have any geographical-based blocking in any way, meaning they have attackers from all over the planet,” Lewis added. “Geo-blocking has restricted utility, but it does scale back a lot of the noise for a lot of organizations.”
Despite heavy adoption, MFA was found to have lighter organization-wide deployments, which can lead to credential compromises, rendering the partial adoption counterproductive. The average company had 40.26% of accounts with either no MFA or a weak MFA.