Usage of PhoneFactor’s products offer a good insight into adoption of phone-based authentication. The company offers phone-based two-factor authentication solutions to companies worldwide–users simply respond to a phone call or SMS text message from PhoneFactor to authenticate.
The company has more than doubled its user base in the first three quarters of this year with key sales in Banking, Government, Healthcare, and Enterprise. This, combined with the recent announcement by Google that it will be adding support for phone-based authentication to its Google Apps platform, validates a shift in the authentication market which has been expected for some time.
“I think it is great news for the market as it shows that a major player with massive influence is adopting the technology,” said Alan Goode of Goode Intelligence. Goode’s firm published a report on “The Mobile Phone as an Authentication Device – Analysis and Forecasts 2010 – 2014” which forecast significant growth in the phone-based authentication market.
“Our research shows that the introduction of mobile phone-based two-factor authentication will not only result in phone-based two-factor solutions taking market share from the previously dominant hardware token solutions, but also that new markets will be opened up as a direct result,” said Goode. “Strong authentication is no longer the preserve of an enterprise or corporate banking user; everyone who owns a mobile phone can now benefit from strong, agile authentication that is cost-effective and quick to deploy.”
“A new paradigm for user authentication, which reflects evolving standards for security and scalability, is driving adoption of phone-based authentication to unprecedented levels,” said Steve Dispensa, PhoneFactor CTO and co-founder. Single factor authentication based on user names and passwords has proven ineffective against today’s threats, yet multi-factor systems based on security tokens and smart cards have failed to become ubiquitous. The resulting gap is being filled by phone-based authentication methods.
“We’ve been seeing this shift on the banking and enterprise side over the last 12-18 months,” said Dispensa. “The demands of an increasingly mobile workforce, shift toward cloud computing models, and evolving threat landscape are forcing organizations to rethink their current authentication practices.”
Phone-based authentication can be quickly and cost-effectively enabled for large numbers of geographically diverse users, with out-of-band solutions offering protection against malware, such as keystroke loggers, and MITM/MITB attacks which have become prevalent in particularly high risk industries like banking.