RSA SecurID Breach Shakes Confidence in Token-Based Authentication: Survey | eWeek

RSA SecurID Breach Shakes Confidence in Token-Based Authentication: Survey

Apr 27, 2011
3 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

The recent data breach at RSA Security is encouraging IT professionals to re-evaluate alternative authentication methods and to reconsider the safety of token-based authentication, according to a recent survey.

Nearly 44 percent of IT professionals who were aware of the RSA data breach are now re-evaluating token-based authentication platforms, according to a survey released by PhoneFactor on April 27. The survey covered more than 400 IT professionals across multiple industry sectors, and 48.6 percent reported they are currently using either hardware or software security tokens in their organizations.

Fully 93 percent of the respondents were aware that attackers had stolen information about RSA’s SecurID two-factor authentication technology. Furthermore, 57 percent indicated that the RSA breach has reduced their confidence in security tokens overall.

Independent of the data breach, about 86 percent of the respondents were concerned about the effectiveness of hardware tokens against increasingly sophisticated cyber-threats. Of this group, a little more than half said man-in-the-middle attacks have reduced their confidence in security provided by tokens.

Due to overall security concerns and lack of confidence in tokens, 65 percent of the respondents said they are either currently evaluating or plan to evaluate other out-of-band authentication methods. That number inches up a little higher to 70 percent when looking only at the respondents who were aware of the RSA incident. Nearly 15 percent of the respondents who were aware of the breach said they are speeding up plans to evaluate alternative products.

This is consistent with a Gartner forecast that the use of specialized authentication hardware such as tokens will decline dramatically to be less than 10 percent by the end of 2013. Google is one of the major organizations that have recently implemented phone-based authentication for its Gmail users.

The survey did not specify whether the institutions are considering these alternative methods for use internally by employees or for customers accessing external-facing services.

Nearly all-96 percent-of the IT managers in the survey have other concerns besides security with their current token deployments. The issues include the amount of resources needed to deploy and manage the technology, lack of convenience, high ongoing fixed and internal support costs, and the lack of interoperability with mobile devices and cloud services.

The level of concern is particularly high in the banking and financial services sector, as 81 percent said their organizations are evaluating the use of out-of-band authentication. About 82 percent of banking professionals said their organization is likely to consider phone-based technology because they think it is the most secure.

Irrespective of the industry, 68 percent said they are considering phone-based out-of-band authentication. Respondents listed out-of-band authentication, such as relying on a phone call or text message, as a leading alternative to tokens because they are easier to use and rely on a device users already have.

Of the 400 respondents that replied to the email survey, a little over a third of the respondents were from organizations with less than 250 employees. The survey included IT managers, IT staff, product managers and non-IT staff.

PhoneFactor is a multifactor authentication provider that sells phone-based technology.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.