Many IT departments spend months recovering lost tokens
Millions of pounds are being wasted every year recovering and replacing lost physical authentication tokens, with IT professionals admitting that the ongoing management costs are huge because users frequently lose them. Those are the findings of a survey recently conducted by SecurEnvoy, which found that a staggering 12% of companies waste ‘months’ every year recovering and replacing lost physical security tokens. The survey was conducted amongst 300 IT security professionals in London.
An additional 10% revealed they waste weeks every year in management time chasing and replacing physical tokens, 13% lose days, while a lucky 16% were able to contain this to a matter of hours.
Some companies lose up to 75% of their tokens
Tokens are obviously being lost frequently. Looking at a typical 12-month period, it was galling to find that 7% of companies were losing tokens at a shockingly high rate of between 51% and 75%, 14% at between 26% and 50%, 13% at between 11% and 25%, and 32% of companies recorded 10% of tokens lost. You really do have to admire the commitment of the 3% of respondents who confessed that between 76% and 100% of all physical tokens in their organisation were being lost every year! Given that each token has an overhead cost, averaged at £50 per token, that’s a lot of money to write off.
The study was conducted by SecurEnvoy, the inventors of tokenless authentication, to gauge just how deep the hidden costs associated with managing a physical authentication system run.
Andy Kemshall, CTO and co-founder of SecurEnvoy, explains, “Organisations invest huge sums of money in out-dated technology that has stood still while the world has moved on. We advocate the use of mobile phones which can be turned into an authentication device, eliminating many of the management costs associated with 2FA systems. Our mantra is simple: authenticate anyone, anywhere, any phone – simply and securely.”
Majority of IT security professionals agree secret questions are not enough to secure passwords
Another area the study examined is the use of passwords. Fifty-seven percent of respondents confirmed that a password is required as part of their ‘log-on’ procedure. While 78% of the sample agreed that using a secret question to secure a password is not enough, a staggering 21% still relied on this verification when a password reset is needed. Worryingly, an additional 10% didn’t know whether they did or didn’t!
Andy concludes, “It’s startling that so many organisations know the risks associated with passwords, and the insecurities introduced when resetting them with a secret question, yet they still continue with the practice in the blind hope that nothing will go wrong. With 2FA arguably the strongest realistic authentication option, it makes sense for it to be incorporated whenever a person needs to do something that requires them to validate they are who they say they are - password resets being an obvious candidate. Users can now very easily reset their passwords, themselves, via a self-help web page using a one-time passcode sent to their mobile phone. This method eliminates the average help desk cost of £14 for each password reset, but also allows companies to introduce more secure practices for everyday eventualities.”