2020 has shown how unpredictable the world can be. Remote work, which was previously a domain of freelancers, has become a new normal in 2021. Most big organizations have sent their employees to work from home, and regardless of how the health situation will change, it seems like it's going to stay like this indefinitely.
Remote work may be a comfort for employees and cost-cutting for organizations but it's also a pain in the butt of CISOs and cybersecurity specialists especially in enterprises and big organizations. Most organizations use the VPN as a first measure to protect the remote workers who connect from unsecured networks. VPN however is no longer a big challenge for cybercriminals as it can be compromised easily so new measures need to be introduced. Two-factor authentication (2FA) is usually the first thing to start with. Our prediction is that 2FA will no longer be adopted only in messaging and banking apps but it will spread across organizations on all web applications. Every business application will sooner or later be equipped with some form of strong authentication. Older methods (like text-based OTP, SMS, or even popular authenticating apps) will be replaced with new ones (like cryptographic security keys, web authentication based on FIDO2 standard).
In our last year's predictions, we claimed that 2020 will slowly but surely bring the expansion of multi-factor authentication. 2021 will continue and accelerate this trend without the slightest doubt.
The important thing about strong authentication that with newer methods this transition becomes more smooth and users won't be even noticing the change. People are already using web authentication without even noticing it. When you tap a screen of your mobile phone to authorize the transaction. When a camera recognition catches your face to authorize some operation. The everyday user often doesn't notice the change.
One other noticeable change from the user perspective but the essential upgrade in application security is called behavioral biometrics, and this may also start getting on popularity in 2021. Behavioral biometrics is already used in some banks and big organizations to help organizations track if the user behind the keyboard is actually the owner of the account and the person that is supposed to be using it. Behavioral biometrics follows the behavior of the person (so the pace of pushing the keys or moving the mouse) and if some suspicious behavior is noticed the administrator is notified immediately.
A big part of this transformation can be played by actors like user access security brokers or 2FA brokers. These types of solutions easily launch two-factor authentication on any application without changing the application code. The big difference between user access security brokers and a standard way of deploying two-factor authentication is that there's no software development involved. 2FA is moved from the scope of responsibility of software engineers and is moved in the hands of security admins. Security administrators with the use of 2FA brokers can install strong authentication on any application they control. The independence, scalability and flexibility of this approach is a good indicator that its popularity will surely grow in 2021.