Market intelligence from ABI Research (www.abiresearch.com) finds that the global mobile multi-factor authentication software and service market will be worth US$1.6 billion by the end of 2015.
Username and passwords have been widely used to authenticate user identity but fail to provide adequate authentication, says the research group. Authentication-based attacks continue to plague organizations of all sizes with the majority of breaches being attributed to weak or absent authentication.
This has created significant market demand for mobile user authentication technologies that can be used to provide additional factor of authentication thus adding an extra layer of security. One-time-passwords (OTPs) and tokens have emerged as the preferred choice of authentication as they offer greater security because the password they generate is only valid for a single session/transaction.
Digital certificates based on the concept of public/private key cryptography are also an effective authentication mechanism. Public key techniques have been adopted in many areas of information technology, including network security, operating systems security, application data security, and digital rights management (DRM). ABI Research calculates that the global managed mobile PKI software and service market will be worth US$74 million by the end of 2015.
Many financial enterprises and other organizations including Google, Facebook, Microsoft, Twitter, and Apple are already using two-factor authentication (2FA). One form of two-factor authentication requires hardware-based security tokens.
"In the recent years hard tokens have been increasingly replaced by their software counterparts (soft tokens) which use either a smartphone app or the phone itself to supply a secret code for authentication. Other methods used to provide the second authentication factor include smart cards, security certificates, OTPs, and biometric scanning," says Monolina Sen, ABI Research’s senior analyst in Digital Security. "A comprehensive solution will allow organizations to effectively enforce the appropriate method of authentication across applications, endpoints, and environments (on-premise and cloud) without burdening end users."
Players like MobileIron, Gemalto, Centrify, Entrust, SecureAuth, Sansa Security, CA Technologies, SecurEnvoy, HID Global, Symantec, and others offer innovative and interesting offerings in the mobile authentication market.