Lani Leuthvilay, HYPR
3 Min. Read | June 30, 2020
HYPR was recognized by Gartner in its 2020 Market Guide for User Authentication, authored by Ant Allan, Tricia Phillips, Kaoru Yano, & David Mahdi (Gartner subscription required).
The report details the market landscape and trends of user authentication. Our takeaway is that the report shows that True Passwordless Security is necessary to drive multi-factor authentication (MFA) adoption and reduce account takeover (ATO) risks.
In our opinion, some key report highlights include:
- “Gartner projects that multiprotocol “mobile MFA” apps will become mainstream in the next 12 to 18 months, facilitating the transition to FIDO2 as the preferred approach and enabling passwordless MFA.”
To us, this coincides well with Apple’s announcement of FIDO2 WebAuthn coming to Safari. We’ve already seen how hardware tokens and on-device authenticators have brought FIDO to a wider audience. Now the ability to use the smartphone as a FIDO token will bring next-gen passwordless authentication to the masses.
- “IAM and other security leaders should: follow the CARE standard for cybersecurity controls: User authentication should be consistent, adequate, reasonable and effective.”
Gartner encourages security and risk management (SRM) leaders to look for solutions that are Consistent, Adequate, Reasonable, and Effective. At HYPR, we reinforce consistency when it comes to the user experience (UX) of secure authentication. This applies to both employee experience and customer experience. How else can we expect people to adopt new, secure authentication methods for work and personal use? An industry-wide adherence to CARE principles will further drive adoption of next-gen authentication.
3. “The rapid adoption of cloud services hugely increases enterprises’ exposure to phishing and other attacks, which in turn drives new investment in multi-factor authentication (MFA), among other cloud security controls.”
The report distinguishes between Phone-as-a-Token and FIDO-Centric approaches. While there may be an impulse to group these together, we should be aware that not all Phone-as-a-Token products are built on the FIDO standard.
Gartner suggests that “Most legacy ‘MFA’ tools are really only ‘+1FA’ tools, adding a single extra factor to a legacy password.” Additionally, “while most of the hype around FIDO2 has focused on the use of hardware security keys, Gartner projects that the use of FIDO2-enable smartphones as external authentications will dominate in the medium term.”
We 100% agree.
We see the 1FA observation by the leading information technology research firm as a red flag for regulated enterprises that are mandated to migrate to MFA. We also see the challenge of additional — and often costly — hardware tokens which require purchase, upkeep, and replacement over time. Hardware tokens are a good alternative in certain cases but are unsustainable in terms of cost-effectiveness and management as an organization scales.
User authentication is being driven by a multitude of market forces and personal preferences. The growing number of digital natives will lean towards UX and mobile-first products and service, while organizations will do what they can to lower the cost of ownership and support a growing remote workforce.
So, where do we go from here? HYPR will continue innovating towards emerging security trends and the current need to eliminate passwords. We won’t stop until we create a passwordless world.
Gartner “Market Guide for User Authentication,” Ant Allan, et al, 26 June 2020 Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
