Today, we are excited to share with you the results of our first SecureAuth State of Authentication report. As many cybersecurity professionals know, stolen credentials are currently the most utilized attack vector in the threat landscape, despite the $74 billion spent every year on security.
Over the course of twelve months, our team gathered data from approximately 500 customers using Adaptive Authentication. We then analyzed 617.3 million user authentication attempts to identify success rates, how often multi-factor authentication was required, and the reasons behind failed authentication attempts. Nearly 90 percent of the time, 548.2 million attempts to be exact, authentication was deemed successful. This means a user entered their credentials, received a satisfactory risk-analysis score, and were granted access.
However, the remaining 69.1 million authentication attempts were either denied outright due to a high-risk score, or stepped up due to a medium risk score. These users were required to provide additional authentication, such as a one-time-passcode (OTP), push-to-accept, or symbol-to-accept.
And this is where it gets interesting…
There are a number of possible scenarios possible when authentication attempts are denied or stepped up. According to our analysis, the most common were:
- Bad Passwords: 60.3 million times, an incorrect password was entered.
- Suspicious one-time passcodes: 524,000 times, a bad OTP was entered or 'deny' was hit on the push-to-accept request.
- Self-service password reset: 200,000 password change requests were denied.
- Device recognition: 830,000 times, the device was unrecognized.
- Suspicious IP address: 2.45 million access attempts were stepped up to MFA because the IP address was suspicious.
Of these, we took a closer look at the 2.45 million authentication attempts coming from suspicious IP addresses. Further analysis found that 77,000 requests were denied outright because the IP address was deemed to be malicious, which is very concerning. Malicious IP addresses include those known to be associated with anomalous internet infrastructure, advanced persistent threat (APT) activity, hacktivism, or cybercriminal activity.
As we have seen with many high-profile breaches in recent years, it takes only a single bad actor successfully misusing credentials to expose sensitive and confidential company and customer data, at a high cost to the business and the brand that may take years of recovery.
SecureAuth helps our customers prevent breaches by either blocking risky authentication attempts or requiring users to step up before they are granted access. This layered authentication approach keeps attackers out and protects organizations. Read the infographic and click here to learn more about how Adaptive Authentication can help your business.