Phishing-Resistant MFA Adoption in Financial Industry Remains Low at 28%

www.news4hackers.com-phishing-resistant-mfa-adoption-in-financial-industry-remains-low-at-28--phishing-resistant-mfa-adoption-in-financial-industry-remains-low-at-28-

Many financial institutions still rely on passwords as part of their authentication processes, creating significant vulnerabilities to phishing and credential theft, according to a report by Secret Double Octopus.

Workforce Authentication Practices

Financial organizations employ a combination of authentication methods, with password-based systems paired with one-time passwords (OTPs) more prevalent in smaller enterprises than in larger institutions. While single-factor passwords and magic links are rarely used, MFA has become the standard for securing workforce access. The primary motivation for modernizing MFA is to reduce risks from phishing and credential-based attacks, alongside efforts to standardize authentication protocols, enhance security measures, and address regulatory requirements.

Phishing-Resistant MFA Gaps

Despite widespread MFA adoption, only 28% of workforce authentication mechanisms meet phishing-resistant criteria. These methods utilize cryptographic authentication or eliminate credentials that attackers could exploit. Passwordless authentication accounts for 15% of current workflows, indicating limited progress toward fully secure alternatives.

Challenges in Implementation

Organizations face barriers such as technical complexity, budget constraints, legacy infrastructure, and fragmented identity management systems. Legacy application support is a more pressing concern for team leads and managers than for executive leadership. Additionally, regulatory compliance-driven MFA upgrades often correlate with larger legacy environments, complicating modernization efforts.

SaaS vs. Legacy Systems

MFA adoption rates are higher for software-as-a-service (SaaS) applications, with 74% protected compared to 50% for legacy systems. Over half of surveyed organizations reported that 50% to 74% of their applications and infrastructure consist of legacy systems. The report emphasizes that these gaps can be addressed without overhauling existing infrastructure, leveraging solutions compatible with outdated platforms.

Industry Priorities and Recommendations

The study underscores the need for organizations to prioritize phishing-resistant MFA to protect sensitive systems. While some MFA implementations may appear robust, they often lack true phishing resistance, leaving critical assets exposed. The findings call for targeted investments in authentication technologies that align with evolving threat landscapes and regulatory expectations.

According to a report by Secret Double Octopus.



About Author

en_USEnglish