Two-factor authentication (2FA) adoption is increasing in the United States & UK, according to research from Duo Labs, part of Cisco Systems.
Two-factor authentication (2FA) adoption is increasing in the United States and UK, according to the “2021 State of the Auth Report” from Duo Labs, the security research team of multi-factor authentication (MFA) and zero-trust platform provider Duo Security.
That’s welcome news for MSPs and the end-customers they serve. Over the past two years or so, most MSP software providers have introduced mandatory 2FA settings in order to harden MSP software as well as end-customer systems. That 2FA trend appears to be extending far beyond the MSP and SMB market.
Duo Security 2FA Research Findings
For instance, key takeaways from Duo Labs’ report include:
- 79 percent of people said they have used 2FA, up from 53 percent in 2019.
- 72 percent indicated they currently use 2FA.
- SMS (85 percent) is the most common second factor that people with 2FA experience have used, followed by email (74 percent) and mobile passcode (44 percent).
- Financial accounts (93 percent) ranked first in terms of the most important accounts to secure via 2FA, followed by email (58 percent) and social media (40 percent).
- 32 percent stated they use a password manager and 42 percent said they use biometric authentication for some of their applications.
- 2FA adoption is higher in the UK (77 percent) than the United States (67 percent).
- 2FA adoption is higher among employed individuals (79 percent) than unemployed ones (60 percent).
In addition, the report revealed 68 percent of people do not use 2FA on all applications where it is available, Duo stated. As such, there is still ample opportunity to improve 2FA adoption globally.
A Warning About Single-Factor Authentication
Meanwhile, the Cybersecurity and Infrastructure Security Agency (CISA) included single-factor authentication in its August 2021 list of cybersecurity “Bad Practices.” CISA encourages organizations to use these practices to learn cybersecurity “don’ts” and ensure they are well-equipped to guard against cyberattacks.