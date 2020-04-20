Individuals are aware of the need for data security, whether to protect their own personal information or that of their employer’s. They are also increasingly cognizant of the security technologies helping to protect identity and access:

77% of people have heard of two-factor authentication (2FA), up from 44% in 2017

53% have used 2FA, up from 28% in 2017

These are some of the results of a recent study — “State of the Auth” — into experiences and perceptions of multi-factor authentication (MFA), conducted among individuals across ages, ethnicities, and incomes.

Yet, drilling down into these figures, there’s a glaring divide with 2FA: Familiarity and usage drop with age. For example, 69% of 18-24 year olds are using 2FA, compared with just 36% of those aged 55-64.

“Many people in today’s workforce have been brought up on passwords and are used to using them,” says Richard Archdeacon, Advisory CISO, Cisco. “However, as most companies understand, password use is fundamentally flawed — easily broken and very expensive to maintain. Forgotten passwords alone can cause help-desk headaches.”

Even though individuals may feel the pains of trying to remember scores of different passwords to gain entry to systems, they also feel reluctance to use an unfamiliar security method.

Removing Friction

In this era of complex IT infrastructures, an expanded attack surface, and increasingly remote workforce, companies must seek improved access security to protect the workforce, workloads, and the workplace.

Yet, as businesses progress toward password-less solutions and adopt MFA, Archdeacon says enterprises must consider all users — in all age groups.

“This is a transformation project,” he says. “You’re not just putting in a new piece of technology, you’re changing the way people work. So you need a clear vision of how it will benefit everyone in the organization and then communicate that as clearly as possible.”

At its core, MFA should be about frictionless security, a key advantage for workers.

“Most people find that remembering passwords is an obstruction,” he says. “They want to do their work, not ‘do their security.’ Password-less is one of the rare examples in security where that friction of having multiple passwords for multiple applications is removed.

“You’ll get better buy-in, and a successful transition,” he continues, “if you explain the ease of access to all the applications and tools they need to get their jobs done.”

Along the way, measure adoption success. That might include asking for user feedback, monitoring help-desk requests, and add training where necessary.

As companies continue on the journey toward a password-less IT environment, Archdeacon advises CISOs and CSOs to “lead by identifying the benefits, lead with empathy toward users as they gain more comfort with change.”

