In 2020, many IT executives will roll out or expand their implementation of Multi-Factor Authentication (MFA) to better safeguard identities. This is one of the key findings of a survey conducted by Pulse Q&A for Microsoft in October 2019.1 Specifically, 59 percent of executives will implement or expand MFA within three to six months. Another 26 percent will do so within 12 months. These executives are initiating these projects because they believe that MFA provides better security preparedness. They’re right. MFA, which requires that users authenticate with at least two factors, can reduce the risk of identity compromise by as much as 99.9 percent over passwords alone.

Protecting identities is vital to cybersecurity. Bad actors use compromised identities to gain a foothold in an organization, avoiding detection for an average of 100 days.2 Historically, organizations have relied on passwords to safeguard identities, but passwords alone aren’t enough. Eighty percent of hacking related breaches can be attributed to weak or compromised passwords, according to Verizon’s 2019 Data Breach Investigations Report. MFA reduces risk because it’s significantly harder to compromise two or more authentication factors.

Beyond passwords, there are several different authentication factors that organizations can implement to better protect their identities. Basic MFA augments passwords with SMS, one-time passwords (OTP), and codes generated by a mobile device. Strong MFA utilizes high assurance factors such as FIDO security keys and smart cards to authenticate users. Fingerprint scans, facial scans, and other biometrics are secure authentication methods that can simplify sign-in for users. Sixty-four percent of the executives in the survey use basic MFA. Forty-three percent use strong MFA. Biometrics was cited by 11 percent of respondents.

But things are changing fast. Ninety-one percent of executives plan to evolve their MFA implementation in the coming year. Twenty-two percent want to move to strong MFA. Another 13 percent will migrate toward biometrics. Better security is the primary driver of these changes.

2020 is the year to prioritize MFA. You can significantly reduce your risk of identity compromise by augmenting or replacing passwords with other authentication factors. Learn how organizations are using MFA.


1Pulse Q&A Inc. conducted research for Microsoft in October 2019 with 100 Security and IT executives in North America representing 17 industry sectors.

2The median number of days an organization is compromised before discovering a breach in 2017 is 101 days in comparison to 99 in 2016. Source: FireEye M-Trends 2018 Report